But they've also broken into a server I run. At least, not really "broken in", rather used a rather lame vulnerability in a common open source (rather low quality) web app which we happen to run, to send spam.
This means that our server has been sending spam. Hurrah.
And they've used a robot which uses random proxies, so we can't localise them.
It's an app I don't have the time or inclination to fix, therefore, the contact form will be off limits for ever more, henceforth. My clients will get annoyed and complain.
Result = spammers are evil, and must die.