If you don’t run your own mail server, and your host service does, you may want to talk to them about disabling “relay” on thei Email server.
This is different dhayman. You don’t need to use my email server in order to send an email that appers to come from my domain.
What a spammer will do is find an unsecured email server – like you described – and then he can push mail through it with any From: address. They choose a real, legitimate domain because it makes the email look more authoritative and it also bypasses some spam filters. Also it means they don’t have to deal with the millions of failure notification emails that come back – they leave that to us to do!
So there’s really nothing you can do about it; even if your email server is 100% secure, any spammer can forge your address and send it through a different server, and then leave you to clean up.
Fortunately it should be nothing more than an annoyance – it’s so common that no-one will actually believe you sent the mail, so no flack comes back to you. Or at least it never has to me.