1) How will the sender be notified? If with a REJECT result in SMTP, no problem, BUT:
Many of the spam tests occur after the message has been received, so a Non-Delivery Report (NDR) will be generated if the message is blocked. At this point, you have to worry about whether the return-path address is valid or not. If the return-path is forged, then your NDR becomes backscatter spam. This risk can be minimized by setting <System Admin>... Settings... Antispam... Options (tab)... Options (section)...
Autoresponders = "Require Message pass SPF"
2) How much do you trust your spam filter?
If it is usually correct, why do you want to notify the sender that you have concluded that he is malicious? I don't talk to criminals, it only encourages them. If you are unsure of your spam result, send it to quarantine instead of blocking it.
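
Added example, not part of the original post and not the mail server's own code: a sketch of the post-acceptance decision described above, where an NDR is sent only if SPF passed for the return-path, uncertain results go to quarantine, and everything else is dropped silently. The verdict names, function names and sample messages are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

def spf_verified_sender(msg):
    """Return the Return-Path address if the local MTA's SPF check passed for it, else None."""
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if not return_path:                      # null sender "<>": never bounce to it
        return None
    # Assumption: the topmost Received-SPF header was written by our own MTA
    # and any copies supplied by the sender were stripped on receipt.
    header = msg.get("Received-SPF", "")
    tokens = header.split()
    result = tokens[0].lower() if tokens else "none"
    checked = re.search(r'envelope-from="?([^";\s]+)', header)
    if result != "pass" or not checked:
        return None
    # The SPF result only vouches for the address that was actually checked.
    if checked.group(1).lower() != return_path.lower():
        return None
    return return_path

def post_acceptance_action(raw_message, verdict):
    """verdict is a hypothetical filter output: 'clean', 'unsure' or 'spam'."""
    if verdict == "clean":
        return "deliver"
    if verdict == "unsure":
        return "quarantine"                  # hold for review instead of blocking
    msg = email.message_from_string(raw_message)
    return "ndr" if spf_verified_sender(msg) else "drop"

def sample(return_path, received_spf):
    """Build a constructed test message (not real traffic)."""
    return (f"Received-SPF: {received_spf}\n"
            f"Return-Path: {return_path}\n"
            "Subject: constructed sample\n\nbody\n")

GOOD = sample("<alice@example.org>",
              'pass (constructed) client-ip=192.0.2.10; envelope-from="alice@example.org";')
FORGED = sample("<victim@example.net>",
                'fail (constructed) client-ip=203.0.113.5; envelope-from="victim@example.net";')
NULL = sample("<>", "none (constructed) client-ip=192.0.2.10;")

if __name__ == "__main__":
    for name, raw in [("good", GOOD), ("forged", FORGED), ("null", NULL)]:
        print(name, post_acceptance_action(raw, "spam"))
```
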