Possible mailform hijack - or just fake 'from' address?

Having just received more than a dozen ‘delivery delayed’ and ‘undeliverable’ emails, I’m wondering whether my on-site mailform has been abused or whether someone is sending mail with a faked ‘from’ address which corresponds to a domain of mine.

I’ve had sporadic instances of this previously - about which I’ve done nothing as I wasn’t sure what to do/was too busy/couldn’t be bothered. But this quantity makes me take it more seriously.

Obviously the potential for getting my domain mail-blacklisted bothers me - and as there’s little I can do about others sending stuff with a faked ‘from’ address, the issue here is the possible mailform hijack.

The subjects are jibberish (example: “Hjcevpj Pumjr Uuxszpr”), but I’m wondering if this might be because they’re being sent in a non-English charset, and the recipients are varied.

Here’s an edited example header of the ‘bounce’ messages, which shows my glvr.com domain as the sender:

Received: from vourpvqu ( by mail.clstechnology.com
( with Microsoft SMTP Server id; Mon, 10 Jan 2011
13:31:07 -0600
From: Zhgagoo <scnrgy@glvr.com>
Subject: Omwcfnnsb Svnztqyg
To: <master@hzshucai.com>
Content-Type: multipart/mixed; charset=“GB2312”;
MIME-Version: 1.0
Date: Tue, 11 Jan 2011 03:29:42 +0800
Message-ID: <a7f1dcdf-d1df-482e-a4d8-ecb5e11892b7@CLSSERV1.cls.local>
Return-Path: scnrgy@glvr.com
X-MS-Exchange-Organization-OriginalArrivalTime: 10 Jan 2011 19:31:07.4458
X-MS-Exchange-Forest-ArrivalHubServer: CLSSERV1.cls.local
X-MS-Exchange-Organization-AuthSource: CLSSERV1.cls.local

All have the same mail.clstechnology.com component, despite being sent to different domains.

You can make sure domainkeys and spf are set up for your domain to improve rejection of faked senders

Not sure something can be done about this, as “From” field can be custom.