I've got this spam. What can I do about it?

In all honesty, probably not much. Even with the pending Federal anti-spam legislation, you probably will not see any decrease in spam. In fact, some versions of the bills actually give large corporations the right to spam you. Also, much spam originates in or is relayed through other countries, so Federal laws won't apply there.

All that said, I have helped build cases that got companies thrown out of colo space, got transit services shut down, and got dozens of home DSL and cable connections terminated. It takes persistence, patience, and some basic tools.

First, you have to figure out where the spam came from. There are usually two targets: the machine that relayed the mail to you, and a spamvertised web site where you can go to buy their product or "unsubscribe" (ha!).

Email Relay Trace

First, open the spam message and find the option in your mail client that says something like "View all headers" or "Show original" (or "Blah, blah, blah"). When you have it right, you'll see a bunch of "Received:", "Mime-Version:" and similar lines. Starting at the top, look for the first "Received:" header. It should look something like this:

Received: from ms-smtp-01.texas.rr.com (ms-smtp-01.texas.rr.com [24.93.36.229]) by mail.midasnetworks.com (8.12.8p1/8.12.8) with ESMTP id h6SFXbCf006957 for.....

This header was added by the Midas Networks server, and because the sending machine had to complete a TCP connection to deliver the mail, it will always contain the correct address of the last machine to handle the mail on its way to you. Spammers often try to confuse the issue by configuring their machines to claim to be at Yahoo, Hotmail or AOL (in the HELO name, the From: line, and extra "Received:" lines they write themselves), but look past this to the IP address enclosed in square brackets. Only trust the "Received:" headers added by your own server or by servers you know; everything below them was written by the sender and may be fabricated. You can start figuring out who to complain to with this address, using the methods in "Finding the Source," described below.

Spamvertised Site Trace

Many spams contain clickable links that make it easy for you to confirm that your email address is live when you try to unsubscribe, so that you can get more spam in the future. Or they contain links to make it easy for you to buy their product. (Hint: turn off HTML rendering and previews in your mail client; some spams now embed image links tagged with your address, so merely displaying the message tells the sender it reached a live mailbox. HTML is not needed in 99.999% of the email transmitted anyway, and users of Outlook, a.k.a. LookOut!, who turn it off will also be somewhat harder to infect with worms.)

In any case, you want to help shut these people down, so their web site makes a good target. Most ISPs have a clause in their AUP or TOS that prohibits spamvertising (see section 5 for Midas Networks).

To find the IP address to complain about, find out how to view the source of the spam, then look for tags containing the word "href" followed by a URL. Go by the href, not the visible link text, which can say anything. The host name, the part between the "//" and the next "/", ending in a top-level domain (usually com, net or org, but often a two-letter country code), is your target. Spammers sometimes write a bare IP address or a redirector on some other site instead of their own host name, so look at where the link finally lands. On MacOS X, Unix and WinNT-derived systems you can open a terminal window and run the command "nslookup" followed by the host name. You should get back an IP address to use in "Finding the Source," described below.
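Both traces above (pulling the relay address out of the topmost "Received:" header, and pulling the spamvertised host names out of the hrefs) are mechanical, so here is an added example that does them in Python. This is not code from the original page; the sample message is constructed for the demonstration (example.* host names, RFC 5737 documentation IPs, a forged Yahoo HELO and a forged From: line), and "mail.example.com" stands in for your own server.

```python
import email
import re
import socket
from email import policy

# Constructed sample spam (not a real message): a two-hop Received: chain in
# the sendmail style, a forged From:, and an HTML body with spamvertised
# links plus a tracking image. Hosts are example.*; IPs are documentation ranges.
SAMPLE_SPAM = b"""Received: from ms-smtp-01.example.net (ms-smtp-01.example.net [203.0.113.229])
\tby mail.example.com (8.12.8p1/8.12.8) with ESMTP id h6SFXbCf006957
\tfor <victim@example.com>; Mon, 28 Jul 2003 10:33:37 -0500
Received: from mail.yahoo.com (unknown [198.51.100.7])
\tby ms-smtp-01.example.net with SMTP; Mon, 28 Jul 2003 10:33:36 -0500
From: "Special Offer" <offers@yahoo.com>
To: victim@example.com
Subject: You have been selected
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Click <a href="http://www.buy-now.example.org/order?id=4412">www.yahoo.com</a> to order.</p>
<p>To unsubscribe <A HREF='HTTP://remove.example.org/unsub.cgi?e=victim@example.com'>click here</A>.</p>
<img src="http://track.example.org/beacon.gif?e=victim@example.com" width="1" height="1">
</body></html>
"""

# "from <helo-name> (<reverse-dns or unknown> [<ip>]) by <receiving-host>" as sendmail writes it.
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
# href= / src= attributes; capture the host part between "//" and the next "/".
LINK = re.compile(r"""(?:href|src)\s*=\s*["']?\s*(?:https?:)?//([^\s"'/?#:>]+)""", re.IGNORECASE)


def parse_spam(raw):
    return email.message_from_bytes(raw, policy=policy.default)


def received_chain(msg):
    """Received: headers top to bottom (newest first), unfolded onto one line each."""
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]


def relay_ip(msg, our_server):
    """IP of the machine that handed the mail to our_server: the bracketed
    address in the first Received: header written *by* our own server.
    Anything below that header was written by the sender and may be forged."""
    for hdr in received_chain(msg):
        m = RECEIVED.search(hdr)
        if m and m.group("by").lower() == our_server.lower():
            return m.group("ip")
    return None


def forged_helo_names(msg):
    """HELO names that do not match what the receiving server recorded for the
    connecting IP (reverse DNS, or 'unknown'): the 'we are Yahoo' trick."""
    suspects = []
    for hdr in received_chain(msg):
        m = RECEIVED.search(hdr)
        if m and m.group("rdns") and m.group("helo").lower() != m.group("rdns").lower():
            suspects.append((m.group("helo"), m.group("ip")))
    return suspects


def spamvertised_hosts(msg):
    """Host names from href/src attributes in the HTML body, in order, deduplicated.
    The visible link text is ignored on purpose; only the href matters."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    hosts = []
    for m in LINK.finditer(body.get_content()):
        host = m.group(1).lower()
        if host not in hosts:
            hosts.append(host)
    return hosts


def resolve(host):
    """What 'nslookup <host>' would give you; None when offline or the name does not exist."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


if __name__ == "__main__":
    msg = parse_spam(SAMPLE_SPAM)
    print("relay IP to look up:", relay_ip(msg, "mail.example.com"))
    print("forged HELO names:", forged_helo_names(msg))
    for host in spamvertised_hosts(msg):
        print("spamvertised host:", host, "->", resolve(host))
```

The relay address comes only from the header written by the server you name as your own; the second "Received:" line, which claims to be mail.yahoo.com, is reported as a forgery rather than trusted. The tracking image is listed alongside the hrefs because it leaks your address just as an "unsubscribe" click would.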

Finding the Source

Method One

Run a traceroute to the IP address. This is the least reliable method of finding the serving ISP, but it will show you the transit carriers. Sometimes complaints to them can be useful, especially if you quote their AUP by URL.

Here's an example of a traceroute to www.21cn.com, a known spam source (earlier hops omitted):

13 tbr1-p013501.la2ca.ip.att.net (12.122.11.137) 68.486 ms 52.306 ms 51.757 ms
14 gar1-p360.lsrca.ip.att.net (12.123.199.234) 52.253 ms 53.407 ms 51.477 ms
15 12.119.9.42 (12.119.9.42) 51.043 ms 51.844 ms 53.368 ms
16 202.97.51.181 (202.97.51.181) 1042.93 ms 1024.41 ms 1031.36 ms
17 202.97.33.153 (202.97.33.153) 605.197 ms 601.062 ms 584.947 ms
18 pos9-0-r1-c-gz-b.gd.cn.net (61.140.0.2) 531.624 ms 546.801 ms 549.942 ms
19 61.140.1.126 (61.140.1.126) 916.479 ms 898.561 ms 895.819 ms
20 61.144.9.2 (61.144.9.2) 915.783 ms 911.534 ms 907.947 ms
21 61.140.60.66 (61.140.60.66) 559.151 ms 540.718 ms 547.559 ms

In this case, I would send email to abuse@att.net; maybe if they get tired of deleting the spam complaints, they'll force their customer to clean up. I often use this approach when the spammer is outside the US, since the large US and European companies that provide the connections are usually more responsible and responsive to complaints. (I have had a past abuse@ address get added to a spammer database after I complained to a small, now shut down, foreign ISP.)

Method Two

Just whois this dude, anyway? IP addresses have to be carefully tracked globally to make sure that two organizations don't accidentally start using the same space. Regional registries do this worldwide: ARIN (North America), RIPE (Europe and the Middle East), APNIC (Asia-Pacific), LACNIC (Latin America) and AfriNIC (Africa). All of them maintain a database of contact information called "whois" and make it available via their web sites (and via the "whois" command on Unix-like systems). Each group has responsibility for a different part of the world, and if you guess wrong, they will politely point you to the correct group.

Just plug your IP address in to the "whois" page, and you'll get back info on the company, often including a preferred abuse complaint address.

Here's an example using our address above.

OrgName: Road Runner
OrgID: RRMA
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
NetRange: 24.92.160.0 - 24.95.255.255
CIDR: 24.92.160.0/19, 24.92.192.0/18, 24.93.0.0/16, 24.94.0.0/15
NetName: ROAD-RUNNER-3-A
NetHandle: NET-24-92-160-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment:
RegDate:
Updated: 2002-08-22
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: abuse@rr.com
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com
# ARIN WHOIS database, last updated 2003-07-27 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

This makes it pretty clear who to complain to. Check that the NetRange actually contains the address you looked up: some lookups return a large parent allocation, and a more specific reassignment with its own contacts may sit beneath it. Sometimes it won't be so clear, and you might have to dig around with the "OrgName" and address information in your favorite search engine to find the real domain name. If you have to go to a lot of trouble, though, you're probably looking at a record very close to the actual spammer, and you might not want to send the complaint to them (it only tells them your address is live). Fall back to Method One and complain to the last named hop before you get to the source address.
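As an added example, not part of the original page, here is a small parser for the key/value whois format shown above. It picks the abuse contact the way Method Two describes (the OrgAbuse address first, RIPE-style abuse-mailbox next, then the tech contact) and checks that the record's NetRange really covers the address you looked up. The record text is a constructed copy of the one above with some fields trimmed; the registry field names it recognises are ARIN's and RIPE's, and the IPs are only illustrative.

```python
import ipaddress
import re

# Constructed whois reply in ARIN's "Key: value" style, modelled on the record
# above with a few fields dropped. Treat every value as illustrative.
SAMPLE_WHOIS = """\
OrgName:    Road Runner
OrgID:      RRMA
Address:    13241 Woodland Park Road
City:       Herndon
StateProv:  VA
Country:    US

NetRange:   24.92.160.0 - 24.95.255.255
CIDR:       24.92.160.0/19, 24.92.192.0/18, 24.93.0.0/16, 24.94.0.0/15
NetName:    ROAD-RUNNER-3-A
NetType:    Direct Allocation
Updated:    2002-08-22

TechHandle: ZS30-ARIN
TechName:   ServiceCo LLC
TechEmail:  abuse@rr.com
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName:   Abuse
OrgAbuseEmail:  abuse@rr.com

# ARIN WHOIS database, last updated 2003-07-27 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*?)\s*$")
# Preferred order: ARIN org abuse contact, RIPE abuse-mailbox, then tech contacts.
ABUSE_KEYS = ("OrgAbuseEmail", "AbuseEmail", "abuse-mailbox", "TechEmail", "OrgTechEmail")


def parse_whois(text):
    """'Key: value' lines into a dict of lists; keys may repeat (NameServer, CIDR).
    Comment lines (# for ARIN, % for RIPE) and blank lines are skipped."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "%")):
            continue
        m = FIELD.match(line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def covers(fields, ip):
    """True if the record's CIDR / NetRange (or RIPE inetnum) really contains ip."""
    addr = ipaddress.ip_address(ip)
    for entry in fields.get("CIDR", []):
        for cidr in entry.split(","):
            if addr in ipaddress.ip_network(cidr.strip(), strict=False):
                return True
    for key in ("NetRange", "inetnum", "inet6num"):
        for rng in fields.get(key, []):
            lo, hi = (ipaddress.ip_address(x.strip()) for x in rng.split("-"))
            if lo <= addr <= hi:
                return True
    return False


def abuse_contact(fields):
    """The address to complain to, or None if the record names no usable contact."""
    for key in ABUSE_KEYS:
        if fields.get(key):
            return fields[key][0]
    for values in fields.values():          # last resort: any abuse@ address anywhere
        for v in values:
            if "abuse@" in v.lower():
                return v
    return None


def complaint_target(whois_text, ip):
    """Summary for one lookup: who the block belongs to, where to write, and
    whether this record is actually the one covering ip."""
    fields = parse_whois(whois_text)
    org = fields.get("OrgName") or fields.get("org-name") or fields.get("descr") or ["?"]
    return {"org": org[0], "abuse": abuse_contact(fields), "covers_ip": covers(fields, ip)}


if __name__ == "__main__":
    print(complaint_target(SAMPLE_WHOIS, "24.93.36.229"))
```

If covers_ip comes back False, the registry handed you a parent block or an unrelated record, and the contact in it is the wrong one to mail; look for the more specific reassignment before complaining.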

Method Three

The long shot, but sometimes it works. Not all spammers are competent computer gurus. Many bought a CD that promised to make their small business a million dollars by getting its message out to millions of computer users (sadly, many people get this pitch through spam). In these cases, a note to the company hosting the domain's name servers may get them effectively shut down by removing the records that link their name to their IP addresses. Look through the email for domain names, then use the domain (registrar) whois services to find the company hosting the name servers for each domain, and complain to them. Be careful, though: the name servers may be hosted by another spam company, in which case you are just telling a spammer your address is live. If you have a domain registrar, use its whois; if not, Network Solutions is the one to use. The URL for the whois link changes occasionally, so go to www.netsol.com and look for "whois."

Sending the complaint

Once you've settled on who to complain to, forward the email with complete headers (the raw message, not your mail client's rendered view, which drops the "Received:" lines) to the abuse@ addresses for the ISPs. Include a line noting that your mail server is NTP synchronized, and quote the timestamp with its time zone, since this will help prevent the spammer from wriggling out by claiming they were not online at the time the mail was sent. Be polite: the person who finally reads the email is often able to do something about it, and venting your anger in your complaint will only get it bit-bucketed.