Cloudflare will be passing on the abuse reports to the hosting providers behind Cloudflare, for DNS record(s) that are set to Proxied (), and being served through Cloudflare.
However, -
There are no DNS record(s) (e.g. AAAA or A) in that output, and as such, no web traffic will be over Cloudflare, for that specific name.
As a result of that, there is nothing for Cloudflare to pass on in this instance.
Can cloudflare not do anything about the fact that the domain’s name servers are being served through cloudflare and the domain is being used for sending malicious email?
Who to contact in regards to abuse depend on what kind of abuse it is, how it is done, et al.
You will need to check the email headers, and identify the first “untrusted” IP address, in the reverse order of the message transmission, e.g. the one that delivered the message to your email provider.
Make a WHOIS lookup on the IP address.
Identify the abuse contact email address from WHOIS.
Send an explanation of the issue to the abuse contact email address, including a full and non-redacted copy of the message and it’s headers, which can be done by most email clients via the “forward as attachment” feature.
As Cloudflare does not operate any email sending service, this one also falls out of the scope of where Cloudflare would be able to do anything.