I run a Joomla! website. One of the contacts (a staff member listed on the website) is reporting to me that one of her Outlook email contacts is getting Spam from the website. Now that staff member works from a laptop with Outlook and emails do not go via the website but our ISPs email servers. The website contact list is essentially separate from day to day emailing and is only there for enquiries for website visitors.
I am trying to work out how the Spam source may have got the Spam receiver’s email address from the Outlook contact list or is it coincidence?
Unfortunately this happens all the time, the real problem is that there are free products which can mass mail spam and spoof the senders ID to it looks to the average person that it comes from whatever location they choose to enter. While spam filters are getting better at dealing with finding scams or fake mail, it’s very easy to spoof the sender address, the recipient address, CC addresses and god-knows what else! 
PS: My advice - announce that people are sending spam from a fake address pretending to be you and put something in your emails to show their authentic!
if she doesnt have a virus/trojan on her laptop i would say it’s a coincidence, but if she had a virus/trojan there, then why didn’t all of her contacts, or at least more than one get this spam. so i would say, it’s a coincidence.
…and “everyone” can send everyone an email from everyone/every website address. blame it on the old mail protocol…
they have probably been harvesting url’s and email addresses for use on a bulkmailer, and one of the url’s/emails harvested and used was from your website.
sad thing is that if they are using a sophisticated bulkmailer, they are most likely hiding behind some proxy’s.
if this is the case she can be one out of thousands of people that have received this spam…