If you really have the time to worry about it, then do something legal but so drastic that it makes the news. Something like organizing a picket protest outside their offices.

Maybe even something like suing for the lost time and the time taken to adjust your email client to deal with their threat (hey, much spam is a security threat and companies that have server breaches use this expense in court all the time). Then get everyone they've spammed certified as a class, move for discovery of every address they've spammed, and multiply your losses times the number of people involved. Then, make sure they pay for the notifications to everyone in the class. That'll stop one spammer, and maybe make a few others slightly nervous. It should only take three or four years of your attention and attorney's fees.

You can sometimes, by identifying the IP block and contacting the upstream provider, get a spammer's access to the Net cut for violating a usage agreement. That's a minor pain for them to find another ISP.

You can sometimes write their registrar and ask that their domain names be revoked for violating the registrar's terms of service.

In severe cases in which the ISP doesn't care about the spammers, you can get the ISP's upstream and domain names cancelled, too.

If these options are too much of a hassle, then just get better filtering going.