This article is for cPanel Accounts. Determine where your account is with this guide.
There are a couple of levels required for troubleshooting of this issue. First, you need to determine the difference between spoofing [which is not usually coming from the WestHost server] and an actual hacked e-mail account.
Spoofing is like writing the return address on an envelope — you can send that letter from any mailbox and you can write whatever you would like in the reply-to line. Spoofing is usually the random act of a spammer on another server and does not usually indicate that the account is compromised. The best way to combat spoofing [though there is NO GUARANTEE] is with an SPF or sender policy framework record. An SPF Record can be created in cPanel >> Email Authentication.
You can retrieve the e-mail headers from an e-mail with some help from this guide:
http://community.mxtoolbox.com/blog/2009/05/18/how-to-get-email-headers-a-guide-from-mxtoolbox/
A review of the e-mail headers can help you see if mail is coming from your server IP address or an IP not associated with your WestHost account.
If an account is compromised and mail is being sent through your server you will want to scan any machine that connects to e-mail for your account to ensure that a virus or malware isn't running in the background. Then you would update all passwords for your account and make sure any site applications you were running are updated to prevent security vulnerabilities.
Contact Support if you have further questions.
No worries, Our experts are here to help.