Mails sent with a false mail address cannot be countered, anyone can send a mail with the presentation address of his choice (his own address, noreply@domain, support@, or an existing address). This is a feature of the SMTP protocol. However, this identity theft is not complete because the address displayed is only on the MIME header (the one that appears in your mail client), and not on the SMTP header (the one that allows the transaction with the server when sending).
To use a simple image, the return
address you put on a postal envelope can be whatever you want it to be (e.g. an
address in China), but this will not change the actual source of the mail (e.g.
your post office). This type of spam, where the sender and recipient email
addresses are identical, is popular because they can pass filters if your
address (or domain) is whitelisted.
If the SMTP address is also spoofed and passes despite our anti-spoofing filter described above, then it may be worthwhile to enable anti-spoofing at the admin console level. You can refer to the console administration manual or its online help for more information on implementing this option.