They're actually not that hard to figure out.
Let's for example pull 3 entries from my Zone Alarm log:
1. ACCESS,2004/08/12,05:30:14 -5:00 GMT,Messenger was blocked from connecting to the Internet (184.108.40.206:DNS).,N/A,N/A
What we have here is an attempt of a program - in this case, Windows Messenger (a well-known channel for SPAM) to "phone home". I have ZA set to prevent this from happening, so this is logged every time WM tries to connect.
2. FWIN,2004/08/12,04:57:10 -5:00 GMT,220.127.116.11:28009,18.104.22.168:1026,UDP; FWIN,2004/08/12,05:00:58 -5:00 GMT,22.214.171.124:1069,126.96.36.199:1023,TCP (flags:S)
These are two attempts to reach my PC from the outside that the firewall has blocked. In the first example, the machine seeking access used the User Datagram Protocol (UDP); the second used the Transmission Control Protocol (TCP). Both these methods bypass the main network protocols and were designed to transfer streams of data securely, making them ideal for the unscrupulous among us to send garbage. The first string of numbers is the IP address of the sending machine (where it's located on the Web). The second string is my IP address at the time of the intrusion (since I'm on dialup, my IP address changes every time I go online).
This is oversimplified, Obsessed, but I post it just so you can get an idea of what the firewall is actually doing. In practice, your concern with malware on your PC is limited to programs trying to "phone home". When ZA tells you that a program is requesting access to the Internet - or potentially worse, trying to set itself up as a server - you should make darn sure that you in fact want that program to access the Web. If not, clock it and tell ZA to remember that in the future.
If you're not sure, block it without telling ZA to remember it, check it out here or by Googling the application, and then decide.
In the case of your email dilemma, none of this is of any practical use. As others have noted, the probability is very high that the emails being sent out in "your name" are probably originating from the PC of someone who's not even on your address book...