Email spoofing is when the email header's "From:" line is modified to something other than the actual original sender. A common sign that your email address is being spoofed is getting tons of spam return messages (like Failure Notification or Mailer Daemon) for emails you never sent.
One of the features of a standard SMTP server is the ability to modify the email header to be from any address. This is a convenience built in so the address is easy to read (like "email@example.com"). This feature is often exploited by spammers trying to mask where they are sending from. How Do I Stop Someone From Spoofing My Domain? Unfortunately, it will not be possible to stop someone from using your email address as the from address. The reason for this is that the from address on an email works similarly to a physically mailed letter or package. You can physically put any from address on a letter sent via the U.S. Postal Service. The post office does not even check if the return address is real. It is similar with email.
There are methods to help alleviate the issue, that will be discussed below. What Happens When an Email is Spoofed? When emails are set to be from an email address on your domain and bounce, they are sent to our servers, attempting to deliver themselves to that mailbox. Generally, you will never see these emails; however, if the email spoofer happens to configure the "From:" header to be a real email box, the bounce will come back to your mailbox and you will receive the email.
Luckily spam filters and ISPs know that and do not penalize people based on the from address. They instead use IP addresses and other indicators to decide who to ban. So unless the spam is coming from your email account, server or hosting account, you would not be penalized for someone spoofing your email address. Individual users can still filter or block your email address, but modern spam filters do not work that way.
These email spoofers are tracked down from the server that is used to authenticate from originally. That server gets reported to ISPs and Email Realtime Black Lists (RBLs), and the spoofing emails stop.