Spammers often make email look like it was sent by someone you know or trust. That's called "spoofing". It's possible to do because the "SMTP" protocols used by email servers across the Internet do not require authentication. The anonymity that spoofing provides helps spammers gain the trust of recipients (via "social engineering") to get sensitive information from them or steal their money. It is even used to spread false information, for example, to discredit the sender.

Spammers also use spoofing to prevent recipients from being able to find and report them. Because the spoofed address is often a real one, the owner gets bounce messages and angry replies to the spam campaign. While it's possible the actual account was compromised and the campaign is originating from the sender's mail server, it's more probable that the address was simply "spoofed", and the spammer will move on to another victim.

A framework that helps prevent email spoofing is called "SPF". Read more about it here.

Other Resources