But this is trivial to spot if you check the full headers. Have you (er Not Myrthos but the victim(s)) checked the full headers to see where the email originated from- Here is a small example:
X-Original-To: my_email_removed
Delivered-To: my_email_removed
Received: from qmta09.emeryville.ca.mail.comcast.net (qmta09.emeryville.ca.mail.comcast.net [76.96.30.96])
^ anything after this line other than destination email could be faked
by my_email_machine_removed (Postfix) with ESMTP id 7A6ED82355
for <my_email_removed>; Sat, 7 Jun 2014 11:18:46 -0700 (PDT)
Received: from imta18.emeryville.ca.mail.comcast.net ([76.96.30.94])
by qmta09.emeryville.ca.mail.comcast.net with comcast
id BWJU1o00321qQjwA9WJmh9; Sat, 07 Jun 2014 18:18:46 +0000
Received: from sdkvoairsrfds.lilaceousgnu.info ([IPv6:2001:1608:10:25::8d13:cead])
by imta18.emeryville.ca.mail.comcast.net with comcast
id BWJP1o01A2VcWiH0JWJj6b; Sat, 07 Jun 2014 18:18:46 +0000
Received: by sdkvoairsrfds.lilaceousgnu.info id hidboc17rvob; Sat, 7 Jun 2014 21:17:58 +0300 (envelope-from <46423026572455.67492237099582633661@0437249.sdjaoijg.lilaceousgnu.info>)
Message-ID: <47522546.035304@sdjaoijg.lilaceousgnu.info>
Date: Sat, 07 Jun 2017 18:17:58 +0000
From: "Comprehend Foreign Language" <Notification@sdjaoijg.lilaceousgnu.info>
^ This is the 'fake' email address' that you see with your email program
As I mentioned in the other thread, anyone can send an email using any email address as the sender. It is called email address spoofing. This cannot be prevented by itself, but If the receiving mailserver and the spoofed mail server both have DMARC setup correctly using DKIM keys, it can be flagged correctly as spam. This is not something you as a user can do though, only your email provider can do that.
I really doubt your email account has been hacked though, certainly not because of any security breach here on RPGWatch.