Spam warning

We don't spam, at all.  And our service providers should not be allowing any spam to go through them, either.  Any spam that alleges to come from us has forged the addresses, and there is little that we can do about that.  Any attempt to restrict the use of our email address to only work on our authorised mail servers can only work with mail servers that obey those rules.  Spamming mail servers don't obey rules.  And many receiving mail servers don't competently manage spam, either.

We don't send out any emails touting for work.  We have a website that people find, themselves, when they go searching for something that we do.

We receive spam, ourselves, and from time to time they forge our own address as their sent from address, hoping that doing so will get past spam filters and that it may fool someone in our organisation (which it won't).  At some stage, they'll probably forge our addresses in spam they send to other people, too.

An email's from address doesn't have to be correct for an email to be sent, and is usually fraudulent in spam emails.  Though some mail servers are starting to do checks that require the original sender to be verified, many don't, and the scheme isn't foolproof.  The originating server has to require the poster to log-in.  The post has to go through a server that's authorised to send mail for that address.  The receiving server has to check the mail came from an authorised server.  And even when that's done, you may find that you still receive spam—it's just marked as being spam, rather than refusing delivery.

The address spam is emailed to is usually completely fictitious.  Email doesn't require this address to be correct, you can receive email without your address in the to header.  Email actually uses the address on the outside of the envelope to send to.  (When you read an email, you're reading the stuff written inside the envelope.  If you want to see the envelope addresses, look for envelope-to or x-apparently-to mail headers.)

The one address that may be real is the reply-to address.  That's the one they want you to reply to, if they're trying to get you to respond by replying to their email.  You'll notice it's usually quite different from all the other addresses.  And if you do reply to their email, your email program will automatically use the reply-to address.  If the spam is trying to get you to reply to it, this is the address that you may want to report in any spam complaints you make.

e.g.  If they're trying to get you to respond to some address at Gmail, then you can forward that entire message (headers and all) to abuse@gmail.com (forward the email as an attachment, don't just quote the text in the message).  And other mail providers may provide a similar abuse@ address, though many require you to go to their website and fill in a complaint form.
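To make the different addresses concrete, here is an added example (not part of the original page) that reads a message's headers and reports the From, To, Reply-To and envelope addresses, and which address a reply would actually go to.  The sample message and every address in it are constructed, and the function names are this example's own.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message for illustration; every name and address is made up.
SAMPLE = """\
Envelope-to: staff@example.org
From: "Your Bank" <alerts@yourbank.com>
To: customer@example.invalid
Reply-To: accounts.team@example.com
Subject: Urgent: verify your account

Please reply with your account details.
"""

def domain(address):
    """Part after the last @, lower-cased."""
    return address.rpartition("@")[2].lower()

def addresses(msg, *names):
    """All addresses found in the named headers (header names are case-insensitive)."""
    values = [v for name in names for v in msg.get_all(name, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]

def summarise(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    written_to = addresses(msg, "To", "Cc")
    # Envelope recipient as recorded by the receiving server, when it records one.
    delivered_to = addresses(msg, "Envelope-to", "X-Apparently-To")
    notes = []
    if reply_to and domain(reply_to) != domain(sender):
        notes.append("replies go to " + reply_to + ", not to the From address")
    stray = [a for a in delivered_to if a not in written_to]
    if stray:
        notes.append("delivered to " + ", ".join(stray) + ", which is not in To/Cc")
    return {
        "from": sender, "reply_to": reply_to,
        "to": written_to, "delivered_to": delivered_to,
        # The address a reply would actually reach: Reply-To if present, else From.
        "reply_target": reply_to or sender,
        "notes": notes,
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(key, "=", value)
```

Not every mail server records the envelope recipient in a header, so an empty delivered_to list only means the header wasn't there.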

However, it's quite likely that none of the email addresses have anything to do with the sender.  They've forged them all, the reply-to address is someone else's address that they're abusing, and what they want you to do is click on a link in the message.

Some of the links that they include in their message may be real.  They may hide their exploitative “click here” link amongst genuine links that they don't expect you to click on, trying to fake an official-looking email.  Bank fraud spam commonly includes links to a real bank, their contact pages, their complaints page, but the link that they're trying to get you to click on has nothing to do with that bank.

Be warned, the thing you see written on the page may not be the address you will end up loading.  To see the real address do not click on it, but hover your mouse pointer over it without clicking, and look for an address appearing somewhere on your screen (there isn't an easy way to do something like this on touch-screen devices).  This address will probably be something that tries to scam you or corrupt your computer, and will often be a misspelling of some website address (but close enough that you mightn't notice at a quick glance, and you end up on a faked website).

Trying to report this kind of thing is much harder, you'd need to work out who their scam website's hosting provider is, and whether they'll take action against spamming, or if they actually support scammers.

e.g.  You receive an email that looks like it came from your bank, it has some urgent warning they want you to click on.  If you check the link address that it's going to send you to, you notice that it's yourbanks.com (which has nothing to do with your bank) instead of yourbank.com.  Or instead of yourbank.com it has yourbank.site (which, also, has nothing to do with your bank).  Or a yourbank-security.com or security-yourbank.com address (again, they have nothing to do with your bank).  Many scams rely on you not understanding how internet addresses are formed; you need to learn how they're constructed.

Addresses have to be exactly right, just one character different and it's a completely different website.  Everything in the domain name portion of the address (that's before the first slash, e.g. example.com in www.example.com/otherstuff), has to always be exactly what it's supposed to be for the site you expect to be at.  The stuff after that slash will change depending on what page in that site you're looking at.  A sub-domain, that's the www. dotted prefix before the domain name, will belong to the same domain, but it has to be a dotted prefix, not any other kind of punctuation.  Something like secure.example.com and www.example.com both belong to example.com.  But something like secure-example.com or example-secure.com are two completely different domain names, none of them have anything to do with each other.

Another gotcha is dynamic DNS redirection services.  Your bank won't use one, but some private sites do.  They have their sub-domain in front of the redirection service's domain name.  In a case like that, a personal site at john.example.org is unrelated to one at jane.example.org and their content has nothing to do with example.org (although you could complain to them about any misuse of their service).

Internet addresses are constructed in the format of sub-domain prefix . domain name / resource query.  You have to make sure the domain name is always correct, and you should check the sub-domain prefix, too.  Know what your bank's address is, likewise with any shopping sites that you use.
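The rules above can be checked mechanically.  This is an added example (not part of the original page) that pulls the links out of an HTML email, tests whether each link's real host is the expected domain or a dotted sub-domain of it, and flags links whose displayed text names a different host.  The sample HTML is constructed, yourbank.com is the placeholder used on this page, and the function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of an HTML email body; yourbank.com stands in for the real site.
SAMPLE_HTML = """
<p>Urgent: <a href="http://yourbanks.com/verify">www.yourbank.com/verify</a></p>
<p><a href="https://secure.yourbank.com/complaints">Complaints</a></p>
<p><a href="http://yourbank-security.com/login">Click here</a></p>
"""

def host_of(address):
    """Host name of an address: the part before the first slash, lower-cased."""
    if "://" not in address:
        address = "//" + address  # lets urlsplit read a bare www.example.com/page
    return (urlsplit(address).hostname or "").rstrip(".").lower()

def belongs_to(address, domain):
    """True only for the domain itself or a dotted sub-domain prefix of it."""
    host, domain = host_of(address), domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (href, displayed text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, expected_domain):
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = host_of(href)
        if not belongs_to(href, expected_domain):
            findings.append((real, "not part of " + expected_domain))
        # Displayed text that itself looks like an address but names another host.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            findings.append((real, "displayed as " + shown))
    return findings
```

A True result from belongs_to only says the host sits under that domain name; on a dynamic DNS redirection service, each sub-domain is still a different person's site.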

So you research the fake website address, and find out that it's hosted by someservingfarm.com.  Now you have to research someservingfarm.com and check out if they have any way to report a fraudulent website hosted by them, whether they'll do anything about it, or whether they're a criminal organisation themselves.

If you use spam filtering software, it may be possible to report spams to them, and they may improve their spam detection techniques.

Additional warning

Be careful when making spam reports, you may be making your report to the spammer themselves, not to any organisation that would take steps against them.  Or you may make one to an organisation that does little more than tell the spammer that you made a complaint about them, and the spammer will send you more spam in revenge.

Reports made to the big service providers (e.g. Gmail, Yahoo, various famous computer system manufacturers, and national telecommunication carriers) are much more likely to act properly on spam reports (when the spam has come through their services).

However, the spammer will just set up new addresses and start again, for the rest of their lives.  All you'll do is save a few other people from being scammed in the meantime.  Most companies aren't competent enough to stop the same spammers from setting up new accounts, and few legal systems will do anything useful against spammers.  You'd need to be able to track down the person, in real life, and chop off their hands to actually stop them.

Remember, usually ignore the to and from addresses, it's the reply-to address that the spammer is using, or webpage links in the email.  They'll only be using the from address if they haven't used any reply-to address, and they're not trying to get you to click on a link in their email.  But it's usually easier to just delete spam, and enjoy pressing your delete button as you do so.