Many of the emails that I receive are coming from Amazon Web Services accounts. When I take the sender information and perform an NSLOOKUP on the IP address, it comes back with some variation of ec2-52-25-110-120.us-west-2.compute.amazonaws.com. I opened an account at AWS to report this spam, and AWS says that they researched my cases and shut down the offending application. They state that I should follow up if I continue to get more. The problem is, these AWS applications share virtual IP addresses and they need the exact time the message was sent, within a minute to track down the offending web service. Once they kill them, another variation starts under a different account within an hour or two. Many of the AWS emails have hyperlinks to NameCheap domains, and that registrar is washing their hands of any culpability.
I'm also getting a bunch that target domains registered to Digital Versance, who appears to be some guy in Delaware that is running out of two iPostal mailbox offices. I've reported the domains where these emails link to, if they don't have proper ICANN information. Most of the spam links to domains under auspices of registrars NameCheap and Dynadot and they really seem to profit from this type of arrangement--so I don't think they are motivated to shut them down. NameCheap doesn't seem to enforce the ICANN registration requirements, because many of their domains have that contact information missing. Instra and NameSilo are two other registrars that come up in 3rd and 4th place as to the domains these spam emails target in their hyperlinks.