I think the most important aspect of your question is to not trust a tool. The tool might flag domains/URLs as spam or manipulated links but the most important thing is to manually inspect each domain. I have had reports from tools where the domain in question is actually not a problem at all when inspected.
If you are getting 404, 403 or 503 error messages the links are gone. You wouldn't be penalised by Google for these because they no longer exist. There is no need to disavow because they don't exist, but you wouldn't be causing a problem if you did. The potential issue is that those header responses 'could' change back to a 200 found. I'd be inclined to monitor them at this stage and add to the disavow if the status changes. A 503 header is a maintenance response so that may come back and you would want to check what you'd be disavowing, as the link may be good.
With regard to disavowing all the links: if you have a toxic link profile you have an issue you need to address and resolve as quickly as you can, so if you determine there are 100 toxic links/domains you will want to add them to the disavow in one hit and hope that you have captured them all.
But please be aware that if some of the links are just a bit spammy/low quality then Google looks like it takes the view to ignore those links anyway.
Some things you need to manually check are:
- the relevance of the link
- the quality of the content
- the anchor text (e.g. have you got exact match, close match anchor on multiple dubious quality posts)
- the ranking of the page/domain
- the placement of the link on the page (e.g. is it a site-wide footer link)
- the quality throughout the domain
- is the link paid for but dofollow (e.g. are there signs on the site that content can be somehow 'purchased', advertorial)