At one point there was a domain spoofing prevention measure put into effect called SPF...
SPF: FAQ/What is SPF
I think Hotmail began enforcing this a few years ago...
Additionally you might want to make sure your server requires authentication before email is sent out. In some cases you can connect to anybody's mail server and send email in any manner you please. I believe the technical term is called "open mail relay"...
Open mail relay - Wikipedia, the free encyclopedia
Other than that... perhaps there is a form on that person's website which is being exploited. If the website sends out any email from the email address the spam is being sent from, it would be the tip-off. You could check your server logs for abuse. Typically, if a spammer gets a hold of a poorly secured form on a website, they will let loose...
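An added example, not part of the original post: a small Python check of how a domain's published SPF record (the measure mentioned at the top of the post) treats a sending host that none of its mechanisms match. The function names and the sample records are constructed for illustration; in practice the TXT strings would come from a DNS lookup of your own domain.

```python
# Added example, not from the original post. All records are constructed samples.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def is_spf(record):
    """True when a TXT string is an SPF version 1 record."""
    text = record.strip().lower()
    return text == "v=spf1" or text.startswith("v=spf1 ")

def spf_default_result(txt_records):
    """Return (result, note): what a receiver gets for a host no mechanism matched."""
    spf = [r.strip() for r in txt_records if is_spf(r)]
    if not spf:
        return ("none", "no SPF record published")
    if len(spf) > 1:
        # Receivers treat several SPF records on one name as a permanent error.
        return ("permerror", "more than one SPF record")
    redirect = None
    for term in spf[0].split()[1:]:
        lower = term.lower()
        if lower.startswith("redirect="):
            redirect = lower.split("=", 1)[1]
            continue
        qualifier = "+"  # a mechanism without a qualifier means "+"
        if lower[0] in QUALIFIERS:
            qualifier, lower = lower[0], lower[1:]
        if lower == "all":
            # Terms after "all" are never reached, and redirect= is ignored.
            return (QUALIFIERS[qualifier], "set by '%s'" % term)
    if redirect:
        return ("redirect", redirect)
    return ("neutral", "no 'all' term and no redirect")

# Constructed TXT record sets, keyed by a label describing each case.
SAMPLES = {
    "strict": ["v=spf1 mx ip4:192.0.2.10 -all"],
    "soft": ["google-site-verification=abc", "v=spf1 include:_spf.example.net ~all"],
    "wide open": ["v=spf1 +all"],
    "missing": ["some unrelated text record"],
    "duplicated": ["v=spf1 mx -all", "v=spf1 a -all"],
    "delegated": ["v=spf1 redirect=_spf.example.net"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print("%-10s %s" % (label, spf_default_result(records)))
```

A result of `fail` is the only one that tells receivers to reject mail from hosts the domain did not list; `none`, `neutral`, `pass` and `permerror` leave the domain name usable by anyone.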