Most likely open relays rather than the actual owner doing it. I get around 20 attempts a day on my mail server from people looking to see if they can relay from it.
Here is an example of the from: field with full headers on:
Received: from c-24-1-157-18.client.comcast.net (c-24-1-157-18.client.comcast.net [24.1.157.18])
Is there any way of telling whether this IP originated the e-mail or went through an open relay?
Either way, I forward the full message with headers to the system that it came from, usually at abuse@_system_.com, or wherever, asking that their system stop sending SPAM. Maybe they will terminate that IP's account. I get about 20 of these (from DSL and/or Cable Modem) per day.