@worriedguy In my experience you probably at least got the spammer’s account shut down. Many if not most hosting providers are quick to suspend accounts on even basic evidence of spamming and to subsequently cancel the accounts unless the account holder shows that they are innocent or have mended their ways. Sadly, it’s very, very, easy for a spammer to just move to another account with the same or another provider and to keep up their old tricks. This assumes they are actually sending the spam through their own account, which many do not.
To stop email hijacking among friends (that is, known regular correspondents) consider encrypting all email between such correspondents. Gather face to face, sign each others’ keys, and then configure your email client or MTA to reject mail from each address without the proper key.
There is a lot you can do about this sort of thing if you run your own email server. It’s not so hard as it used to be, but it’s still harder than using GMail- so most folks won’t do it.
There’s relatively little you can do when you don’t have your own server, and most of it has been covered by others in this thread.