[no_protocol]

> The appropriate analogy is probably something like fake check scams. Illegal, but difficult to trace and likely to lead to a dead end.

Oops, I actually jumped topics for the final paragraph and was making an analogy about scanners trying random passwords on a known port, or similar.

[paulmd]

Well - and this goes for ransomware too - if you are smart then you aren't doing the portscanning or mailing from your personal PC. It's coming from compromised PCs or IoT devices in a botnet. So tracking down the perpetrator still involves finding the well-concealed owner of a botnet.

As a mitigation strategy you can certainly perform filtering and rate-limiting at a firewall, or even blacklisting certain IPs. I'm pretty sure there are already collectively-maintained blacklists of badly-behaved machines/devices. But you're really just taking some compromised PCs off the net, not going after the perpetrator.