There is an assumption however that I’m not sure I agree with - that spam is sent from mail servers and not from bot infected PCs. If the mail is sent from a bot infected PC, it would be extremely common for that PC to be behind a NATing device, and therefore forging IP addresses simply doesn’t work.

The potential place where this could work is for servers (proxies/mail servers/relays) that are public facing with real address space that are compromised. Even here there is a caveat - the carrier has to have their network configured to route traffic for IPs they don’t own - not a wise idea and there are standards that say you shouldn’t allow this to happen.

There is however significant benefit in monitoring the senders of email as it is by monitoring this end of the conversation taht you can be most accurate in detecting spammers, which I believe your platform would be able to do.