Spamming involves leaving a traffic footprint indicating higher volumes of port tcp/25 (SMTP) traffic towards internet mail servers. A report from an external email administrator, or spam service makes a credible complaint regarding a specific host within the organization.
Hosts suspected of this activity are usually infected with malware, which tends to participate in a botnet. The malware can be difficult to identify or remove. Hosts suspected of this activity should be removed from the network and checked for signs of compromise.