What to look for in Email Headers to determine if your account has been compromised. In the headers, you should be looking for something like this:
Received: from [22.214.171.124] (126.96.36.199.servername.com [188.8.131.52])
(Authenticated sender: email@example.com)
by something.servername.com (Postfix) with ESMTPA;
Fri, 23 Oct 2020 19:28:23 +0000 (UTC)
This is just an example using fake information, but the key thing to note here is "Authenticated sender". This means the email was sent after authenticating the sender by means of username and password, therefore, it was actually sent through the outgoing mail servers using the email account login credentials. This is when you should run a full system virus scan and change your password as mentioned above.
If you're being spoofed, here are a couple of things you can do to stop the spoofing activity. Keep in mind, there is nothing you can really do to stop it once it's started. The bounced emails you receive may contain some information that could be used to try to track down the original source of the email. They often come from infected computers, so the chances of finding the exact location of the spammer are pretty slim. You may be able to find the IP address of where the message originated, find out which ISP it belongs to, and see if they would be willing to place that IP address on a blocklist, however, they may not be willing to do that, and if they do, the spammer could simply move to another computer with a different IP address.
Also, please avoid clicking on dot doc word documents from spammers or email senders you do not know based on the email headers discussed above, they may contain serious viruses.