Either they are sending from your domain (from your mail server) or just abusing your domain in their return e-mail address. The first can be "easily" handled by requiring that your e-mail server validate the sender's credentials (username and password) - if you're on a VPS/dedicated plan. If shared, you'll have to ask the host to require valid sender credentials. Of course, it's possible that you've been hacked to have a look at your files - better yet, ask your host to run a maldet scan on your account. Okay, return e-mails mentioning your mailer would indicate you've been hacked to get on the maldet scan ASAP, change ALL your account and FTP passwords (use http://strongpasswordgenerator.com) and delete/upload from your master file set all .js, .php and .htm(l) files.
If it's just bogus reply to e-mail addresses, all you can do is ignore it (or report these to Spamcop.net - they look into the header information of the e-mail and report abuses to the sender's server as well as the host for any website linked in the original messages).