It is what it is. Analysis of email headers from emails sent to one targeted domain (Nov 2009 - April 2011). Headers were analyzed to find the IP addresses of the sending mail servers. Some of them are compromised; some belong to or are leased by attackers. Only Gmail does not allow tracing the sender's IP. It is a shame; I wish they listed the sender IP addresses.
I can post more detailed statistics; if you are interested, drop me a line.
My dataset is small and not great for industry averages, but I still think it is a good representation of the situation.
Please note this is based on Contagio data only, which includes targeted messages with malicious attachments meant to compromise networks and steal data (so-called APT stuff), and does not include regular spam, banking trojans, and mass-mailed malware.
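One way to do the header analysis described above, as an added example that is not the code used for this dataset: it reads the `Received` chain newest-first and returns the external IP recorded by the first hop the recipient controls, since anything written by servers further down can be forged. The sample message, the host names, the `victim.example` suffix and the IPv4-only bracket match are assumptions made for illustration.

```python
import email
import ipaddress
import re

# RFC 1918 and loopback ranges treated as "inside" the recipient network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.I)

# Constructed sample; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx1.victim.example ([10.0.0.5])
\tby mbx.victim.example with ESMTP; Tue, 1 Mar 2011 10:00:05 -0500
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx1.victim.example with ESMTP; Tue, 1 Mar 2011 10:00:03 -0500
Received: from [192.168.1.44] (unknown [198.51.100.7])
\tby mail.sender.example with ESMTPA; Tue, 1 Mar 2011 10:00:01 -0500
From: sender@sender.example
To: user@victim.example
Subject: constructed sample

body
"""

def sending_server_ip(raw_message, trusted_suffix):
    """Return the external IP recorded by the first trusted hop, or None."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the list runs newest to oldest.
    for header in msg.get_all("Received", []):
        by = BY_HOST.search(header)
        if not by or not by.group(1).lower().endswith(trusted_suffix):
            continue  # written by a server we do not control: may be forged
        # Only the "from" clause (text before "by") names the connecting peer.
        for candidate in BRACKETED_IP.findall(header[:by.start()]):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

if __name__ == "__main__":
    print(sending_server_ip(SAMPLE, "victim.example"))
```

For a message sent through a webmail provider that omits the client address, the value returned is the provider's outbound relay, which is the limitation noted above for Gmail.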





