I think I tried to do this back when I set these spam-reporting AppleScripts up originally, but I couldn’t find the right variable to set. Turns out I didn’t look hard enough. Here’s the change:
tell application "Mail"
set theMessages to the selection
repeat with thisMessage in theMessages
set newMessage to make new outgoing message at end of outgoing messages
tell newMessage
set content to thisMessage's source
set subject to thisMessage's subject
make new to recipient with properties {address:"spam@uce.gov"}
end tell
send newMessage
set junk mail status of thisMessage to true
set read status of thisMessage to true
move thisMessage to mailbox "INBOX/ConfirmedJunk" of account "[$account]"
end repeat
end tell
Simple enough, no? The updated scripts: spam_uce_gov.scpt and spoof_paypal_com.scpt. You could, of course, further modify the {address:”email@email.tld”} to send wherever you like. If, for example, you have a specific place you’re fighting phishing attempts [e.g., your bank], and you know their phishing address, set one up for them.
Additional Thoughts
I use these two scripts with the excellent Mail Act-On package. I have rules for each: J for general junk mail, and P for PayPal/eBay spam. Actually, my MA-O use is what drove me to seek out the junk mail status flag, because otherwise to train Mail’s spam filter took an extra step. I wish I’d Googled a little harder three years ago, as I’d probably have saved myself an hour of typing and clicking over that time.
Update: These scripts were broken by syntax changes in OS X Lion, but they have been updated.