How to stop spammers from sending spam as me

Short Answer: You can't.

For more info, this gives a basic explaination as to why.

This shows how easy it is to do. It's just the nature of SMTP, it's insecure!

Just because an email appears to come from somebody, it doesn't mean it did.

You could set up SPF records for your email domains, however this will only have a limited effect, if any.

Tech support is wrong. There is nothing you can do to stop someone else sending email as if it came from your account(s). Only the receiving system can do anything about it. Measures such as SPF, DKIM and the like help the receiving systems validate senders but such things are not a requirement by any standards and those systems which enforce such things are in fact very broken.

If mail systems did proper checks of the headers to determine whether or not the sender address has been spoofed they could either send an NDR or just quietly drop it based on the results. This wouldn't have any effect on the problem of sender spoofing but would stop us receiving NDRs for messages we didn't send.

For now, just get used to it. It's a normal part of daily life on the Internet and is unlikely to go away any time soon.

As others have said, you can't stop the spammer from using your address or do much to prevent the receiver from sending you a bounce. Those receiving servers are already misconfigured at least one way: they should have rejected the message without accepting it. That would make it the sender's job to produce a bounce, which the spam software is not going to do. Instead they accept it and later reject it with a bounce. It is probably too much to hope that they'll implement SPF or similar systems.

With SpamAssassin you can use http://wiki.apache.org/spamassassin/VBounceRuleset and set the score for ANY_BOUNCE_MESSAGE (somewhat misleading name: it's any fake bounce message) to a nonzero value. That will save you from having to see the bounces in your inbox. It appears to be at least somewhat effective: In the last 72 hours I've classified 44 messages (out of 11368 spam messages) to my personal address as ANY_BOUNCE_MESSAGE spam.

You need to consider whether the spammer has sent the email from your address to a billion other addresses, or whether the spamming engine they used to send the email used the recipients own email address in an attempt to foil spam filters.

If the former, you may have a big problem with reputation (unless you actually are a Viagra salesperson). But I think the latter is more likely, and the solution to that is to look at your own spam filtering solution.

How can you tell which has happened? Are you (or your postmaster) also getting bounce messages containing the spam as an attachment or fragment in the body? If so, then your email address has definitely been used to send the message to many recipients. If you aren't getting bounces, it doesn't guarantee your address wasn't used, but it suggests it either wasn't, or the message didn't go to that many people.

As many correct answers express you can't avoid it (unfortunately!), other answers point out correctly that you could talk to authorities, you should but this things are complicated and take time and money.

The only thing I would like add then is that you should instruct your clients and providers, tell them about this situation and that there is nothing you really can do about it. Ask them bo be aware and to contact you directly if they have any suspicion.

Try to find out what possible vulnerabilities they could be searching for? i.e trying to get passwords or credit cards, warn the people around you about this specifically and how are the usual procedures so that they can be suspicious.

Good luck!

Sue them. Sending spam messages and impersonation is illegal, so trace the spammers and report them to the police.