As in so many areas of life, it's just a case of making your system harder to abuse than your neighbours'. If your system gives the spammers any trouble at all then they'll soon move on to a less well-guarded server.

This is not my experience - my (work) logs show that we often get repeated attempts at the same script from the same IP address, or from different IP addresses but with the same payload (including the same throwaway target email address) over a period of time.

One particularly persistent guy has returned from the same IP address to the same script with the same payload once a month for at least the 6 months we've been logging enough to tell.

Note that this is just logging the special case where people explicitly attempt to trick the script by inserting things like "some text\ncc: email@address" into random fields that look as if they might make it into email headers.

(For what it's worth, we deal with this by logging such abuse, and blocking offending IP addresses for escalating periods of time.)

Hugo