We don't spam, at all. And our service providers should not be allowing any spam to go through them, either. Any spam that alleges to come from us has forged the addresses.
We receive spam, ourselves, and from time to time they forge our own address as their sent from address, hoping that doing so will get past any spam filters and that it may fool someone in our organisation (which it won't).
The address it is emailed to is usually completely fictitious, as well. Email doesn't require this address to be correct, you can receive email without your address in the to header. Email actually uses the address on the outside of the envelope to send to. (When you read an email, you're reading the stuff written inside the envelope. If you want to see the envelope addresses, look for envelope-to or x-apparently-to mail headers.)
The one address that will probably be real is their reply-to address. That's the one they want you to reply to, you'll notice it's usually quite different from all the other addresses. And if you do reply to their email, your email program will automatically use that address. This is the address that you want to report in any spam complaints you make.
e.g. If it's a gmail address, report it to gmail. You can forward the message, it'll need to have all of its headers, including the usually hidden ones, to email@example.com (write a short explanatory note to go with it).
Another thing that may be real is any links that they want you to click on in their message. But be warned, the thing you see written on the page may not be the address you will end up loading. To see the real address do not click on it, but hover your mouse pointer over it without clicking, and look for an address appearing somewhere on your screen (there isn't an easy way to do something like this on touch-screen devices). This address will probably be something that tries to scam you or corrupt your computer. Trying to report that is much harder, you'd need to work out who their hosting provider is, and whether they'll take action against spamming, or if they actually support scammers.
Be careful when making spam reports, you may be making your report to the spammer themselves, not to any organisation that would take steps against them. Or you may make one to an organisation that does little more than tell the spammer that you made a complaint about them, and the spammer will send you more spam in revenge.
Reports made to the big service providers (e.g. Gmail, Yahoo, various famous computer system manufacturers, and national telecommunication carriers) are much more likely to act properly on spam reports (when the spam has come through their services).
However, the spammer will just set up new addresses and start again, for the rest of their lives. All you'll do is save a few other people from being scammed in the meantime. Most companies aren't competent enough to stop the same spammers from setting up new accounts, and few legal systems will do anything useful against spammers. You'd need to be able to track down the person, in real life, and chop off their hands to actually stop them.
Remember, usually ignore the to and from addresses, it's the reply-to address that the spammer is using. They'll only be using the from address if they haven't used any reply-to address, and they're not trying to get you to click on a link in their email. But it's usually easier to just delete spam, and enjoy pressing your delete button as you do so.