Spammers often use genuine email addresses in the 'From:' field of an email in a bid to beat the (mainly useless) spam traps that some ISPs run their incoming emails through.

When I was admin of a relatively small mail server a few years ago, I got more bounced emails telling me an address to which someone from my domain had tried to send an email, didn't exist, than I did actual spam emails. Needless to say, the address at my domain had sent no such emails.

There are two options, 1. bounce the bounce emails back to the admin of the server that sent them to you, or 2. (my favored method), delete them and forget about them.

The chance of someone hijacking your computer to send emails is a possibilty, but if you have a decent firewall, it's a rare possibilty.