(rant)
I was completely taken aback and really did not like their instant assumption that WE had been the cause of all this spam, when I am sitting here doing everything I can to prevent it. I have had Boxtrapper enabled for years, and added in Spam Assassin. Despite those I have had to delete dozens of spams four times a day every day: and they blame us!
It sounds like oyu're mistaking spam received by your email servers for spam sent from your domain.
Running Boxtapper and Spam Assassin, and deleting spams every day--these combat spam messages being sent TO YOU, not FROM YOU.
One of the many things spammers do is they look for Web sites that have weak security (for example, poor FTP passwords, poor Web control panel passwords, outdated copies of CMS software like WordPress or Joomla, and so on), then they secretly install malicious software
on the web server that allows them to take control of the server and use it as a mail system to send spam.
Boxtrapper, Spam Assassin, and so on do no good at all to prevent your server from sending spam by means of a malicious email application installed on the server.
When you get this kind of email message, something has gone wrong and your domain has been hacked. Time to girt your teeth, change all your server, control panel, and FTP passwords, look at all your logs, make sure you're not running insecure software on your Web site, and figure out how they got in.
