Let me guess, this is the email listed in your profile?

You have to understand that spammers spider the web randomly looking for anything that looks like an email address (simple regexp).

Once you get spam, you're stuck with it. Your email is in a DB and is being sold. Calling a spammer, emailing their ISP does no good. Fine you might get one loser in his basement banned, but your email is still being sold.

Funny thing is that a couple of years ago my father had a client that wanted to spam, so he was asked to do this for him and was given a CD with millions of email addresses. My (hotmail.com) email address was on there.

So how do you avoid spam? Use multiple email accounts. Buy a domain name and get a host that will give you a catch-all. Then you can use email client filters to move things to folders, or to >/dev/null all emails going to an account that started to get spam. The problem is that a lot of people only have one account they use for everything. At one point you'll buy something from a merchant that sells your email, and you're screwed.

Edit:
Forgot to mention, but it's beyond simple to send an email using a fake return address. The "To:" is just a line in the header, the SMTP server doesn't care where it really comes from. Some are setup to make sure the domain is local, but if you run your own server you can bypass that.