Stopping sneaky spammers

[Bruno]

Hello all,

I have found a major spamming outfit (HighSpeedMail) that is very aggressive
at avoiding being detected by anti-spam software (including my installed
MailScanner and SpamAssassin - using default rules, even the default and
quite aggressive "5" blocking level, since SA usually ranks them over 3 and
below 5).

Unless a good way to block them is found, I fear other spamming outfits will
soon follow on their tacticts.  Suggestions on how to block them permanently
would be welcome.

Here are some details:

1) They seem to always fake their email address (hi-speed.ch,
hi-speedmail.com, hi-speedmail.net, hi-speedemail.com, hi-speedemail.net,
hi-speedmediaoffers.com, hispeedmediaoffers.com, hispeedmediaoffers.net,
hsm-mailer.com, hsm-mailerdirect.com, hsmmailer.com, hsmailer.com).
2) The spam seems to originate from a few addresses in the 10.0.1.* network,
but is delivered/routed via other IPs, before it reaches me.
3) The delivery IPs change but seem to come from the same class C subnet for
about 2 weeks at a time (64.70.20.*, 64.70.44.*, 12.158.236.*,
148.233.70.50, 217.168.208.252).
4) I am using /etc/mail/access to block the delivery class C subnets for
this spam, but have to keep adding new ones.
5) I use the free Spam List from the default MailScanner installation
(ORDB-RBL), but they seem to avoid it quite easily.  I am a home user, and
cannot afford paying for a commercial list.
6) Possible alternative solution:  A few months ago I read in InfoWorld that
"in theory" in the US it is possible to sue spammers for $1000 per spam
message.  I probably get about 1000 spams per year that I can trace to these
specific spammers. Does anybody know of a lawyer that specializes on this
type of lawsuit and will work for a percentage of the amount collected?