In the reply, I'd probably include 1x1 pixel hidden tracker image or maybe a legit looking logo below signature and get the client ip of the scammer's computer when it does http GET on it. The ip can tell more about where they're located.
Reverse Captcha? Send an image, ask them to email you at the address in the image -- at that point their handlers will likely decide you're too much trouble and you'll be ghosted.
