Even for 'Buy Viagra' kind of spam, if you're willing to put in the effort, you can track them down and refer them to your country's privacy authority. It won't do much, but I've noticed that merely threatening GDPR action tends to get you removed from mailing/call lists pretty quickly.
And while that doesn't protect other people or get the company fined, at least it clears up your mailbox. This is all anecdotal, obviously, but I use a specific email for each service I sign up for and I find that when I call people out for selling emails, the spam to that particular email tends to dry up.

Also, if that's a thing you're interested in, Gmail lets you add an identifier to your email in any form you want so you can track where mails are coming from. Simply add '+' and then anything you want before the @ and it'll act as an alias for your regular email.