The question as posed is difficult to answer, but as it happens I have for the last 10 days or so been running p0f against all port 25 connections to mail-in-01.lug.org.uk, the mail server that sits in front of all email addresses @lug.org.uk and @mailman.lug.org.uk.
If you weren’t aware, p0f is a passive operating system fingerprinting tool which makes an “educated guess” about the operating system at the other end of a TCP connection based on the characteristics of SYN packets sent. It’s a bit like nmap‘s fingerprinting, but it’s totally passive, i.e. it works on data the other side normally sends to you, without making any sort of probe itself.
What all of this means is that I have a very good idea of the operating system of every machine that has tried to send an email to lug.org.uk users in the last 10 days.
The rest of this article can be read over on the wiki, but the executive summary is: during the ~10 day period of monitoring, over 90% of unique IPs sending mails that scored 10.0+ in SpamAssassin were associated with hosts running Windows.