Does the attack go entirely through nations (including starting and ending servers) where maliciously hacking servers is legal? (The Phillipines is promising: hacking is legally undefined (thus legal) there. Fortunately, even the Phillipines pays attention to property damage).
If not, may I suggest something more effective: a UCE bouncer email client. Apple's default email client for OS X has this feature (manually configured), so it should be legal most places. (The client must, of course, use the real from path, rather than the From: header, which is worthless.)
Even if the UCE specialist used 3rd party relay to launch his emails, you would be motivating that ISP to fix their config files. Otherwise, you're persuading the UCE specialist to remove the dead email.