If you run a relay with the spam you could look at their ip addresses… although it’s probably just some vserver somewhere.