Dear Ivor,

You are referring to sender forgery, which is very common on the Internet and can be easily done. Do you have an SPF record created for your domain? If not, do it. Additionally, I'd also recommend you create a DKIM and DMARC for your domain. Check http://xeams.com/spf-dkim-dmarc.htm for details.

SPF will help Xeams detect forgeries and this won't happen.