In the last few days, it seems like a lot of spam is going out to people with a bogus e-mail address (the domain name at the end is ours). So, we're getting the bounce-backs.
1) Are these e-mails going through our mailenable server??
2) Any way to block them?
3) Is this called "spoofing"?
Your MTA logs should show whether the mail is actually going through your server or not. If it is, you need to secure your server, as you might have an open relay. If it isn't, then you should consolidate your domain's identity by using SPF and DomainKeys/DKIM.
Get SPF running now as it does not "cost" anything in terms of setup, just a little DNS change. DomainKeys is good but from what I see, the takeup on it is not as large and as quick as SPF.
This is a very common way of sending spam. I have had this problem on one of my domains before. There is not a lot you can do to be honest. SPF will be your best bet, but you will have to hope that the takeup gets a little more for it to be really good.
Does SPF do any good if it's not going through our mail server?
Yes. Any MTA with SPF functionality will either drop spoofed messages, or else mark them as spam. SPF is basically a way of declaring which IPs are allowed to send mail for your domain.
