You can report those spam/spoof/phishing/pharming messages to http://www.antiphishing.org/ or to http://www.castlecops.com/pirt
Reporting spoof messages is a task unless you are willing to volunteer some of your time in reporting. Good for the community
As for your other question, you can use a program that will alert you if there is email communication going on without your consent.
Always scan the system using up-to-date antivirus and antispyware because some malware spreads itself via email.
I usually empty my spam box as soon as I know that nothing legitimate got caught by mistake. But I wonder. . .if I see that a piece of trashy spam came from an obviously reputable domain and is clearly a spoof, is there any point in notifying the company that somebody is spoofing their domain name? Can they do anything about it, even if they want to?
For that matter, on occasion I have gotten a mail failure notice such as "your message failed to get through to (address)" I never sent anything to that address, so I suppose that means somebody spoofed MY domain, right?
What can be done to lock out spoofers?