@James-Creen I wanted to follow up on this real quick. E-mail address spoofing is a pretty common occurance. The main reason is that authentication is not included in the SMTP standard for transmitting e-mails between servers. Unfortunately, that means any user can spoof the e-mail address of any other user if they desire. For example, if you use Microsoft's SMTP test process you can insert whatever address you want in the MAIL FROM step.
There is no way to prevent other users from doing this. The closest thing you have is creating an SPF record in DNS that defines which e-mail servers are allowed to relay e-mail for your domain. You can see if you already have an SPF record over at MX Toolbox. Google has posted instructions on how to create an SPF record to support Google Apps. Once the record is in place, any receiving server can do an SPF lookup to verify the e-mail is coming from a legitimate source. It isn't perfect, but it is the best we have for now.
The super-secure method to solve the problem is to PGP sign all of your e-mails and tell recipients to reject any un-signed message from your account. Getting end-user buy-in for that is next to impossible, though, so the SPF record is the only practical option for now.
Hope that helps,
Don Pezet
Host, ITProTV
