mjc,
Try getting a copy of the full headers of the offending email. Look at the IP address and domain name of the sending server. Then, check your smtpfront-qmail/current logs for any transactions to the address in question.
This should at least verify whether or not your server is the culprit. We get a ton of "spoofed" email which appears (to the casual or unsavvy user) to be coming from one source but is, in fact, coming from another.