Spoofing is one of the oldest tricks in the fraudulent schemes.
Most of the spam you recieve is sent from the web servers of non-tech-savvy web Admins who leave their SMTP ports unprotected.
Even you can do it
. Just find an SMTP server that allows sending public email.
You can find guides on the internet telling exactly how to spoof your email.
Its just a set of commands typed sequentially using the command prompt built into your computer.