Email messages can be forged. An email sender can simply change the
"From:" field in their email program, or in more advanced cases, forge
addresses through the SMTP protocol, inserting any email address in the
"MAIL FROM:" section of the message.
Spammers often harvest email addresses by spidering web sites or
forums, or through viruses which can harvest an infected computer's
contact lists. They use these harvested address in the "From" and
"Reply-to" fields of their outgoing messages to avoid dealing with the
complaints generated by the spam.
Due to these shortcomings in SMTP and email message sender
authentication, there is little that can be done to prevent this type
of abuse. While we seek to incorporate technology
that will help prevent these types of abuse, there are currently no
100% effective solutions.
If complaint messages are being directed to your inbox via email
addresses that do not exist, you are receiving them due to the catchall
email address being enabled. We recommend that you disable the catchall
configuration so that these email messages do not make it to your
inbox. The messages will then bounce, letting other mail servers know
these are not valid email addresses.
If the messages are coming directly to your inbox through a valid email
address, unfortunately all we can recommend is that you consider
changing your email address, if that is feasible. Usually this is a
temporary problem, but if it continues over an extended period of time
you may consider adding an SPF record to your DNS. There can be
negative side-effects to an incorrectly formed SPF record however, so
we only recommend using SPF if you are comfortable with its
configuration and implementation.