As
safelife said, it's trivial to fake a From: address. They might be using your address but not your account. You need to get the message headers. They're normally hidden but most email programs will let you get to them. Here's a few examples, courtesy of Farcebook:
Received: from facebook.com (hX7fIbia43rVLzfeBy/JRgQSts5Eq+/4D2/ZeRplKmXz3Nf0hTD3jLeB79FQYOQe 10.224.41.53)
by facebook.com with Thrift id 3d1e6630c80f26e398f60012c993eeb0-6b1c94a0; Sat, 19 Apr 2014 15:19:12 -0700
X-Facebook: from 2401:db00:2110:9116:face:0:1:0 ([MTI3LjAuMC4x]) by graph.facebook.com with HTTP (ZuckMail);
Date: Sat, 19 Apr 2014 15:19:12 -0700
From: "Facebook" <
[email protected]>
Message-ID: <
[email protected]>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00] Errors-To:
[email protected]
The Received: headers are the relevant ones. The top-most is the one you can trust the most, then you have to work your way down to see the chain of machines through which the message passed. At some point you'll find where it was injected, with the lines below it faked. It may take some practice to work out this point though, but you may well find that there's no mention of an AOL machine in the headers (or it's below the fake line), which means it didn't come from your account.