Why am I receiving junk mail from my own email address?

They place your email address in the from field because lots of email program are not that smart filtering spam. Web based mail is a bit more effective at stopping spam, but even it can't catch them all. A solution that I've used for years is Mailwasher, which is a stand alone program that all it does is attempt to stop you from seeing spam in your inbox.
You can set up filters in most every mail program/webmail that is out there, But they are usually limited in what they allow the end user to filter by.
To get into some Deep detail. There is a lot of information in your emails that is not displayed generally. You can view the raw email or "Source" and see a lot of this information in the header or Top of the email. This is even above the from and to entries.

Here are some of those header items.
Return-Path This line will have where it was supposedly sent from. Using the example email address of jsmith@gmail.com as the receiver of this email The line might actually jsmith@yahoo.com or something completely different.
X-Original-To will probably be your email address in this case jsmith@gmail.com
followed by
Delivered-To Which WILL be the receiver's address (ie jsmith@gmail.com)
The Big tattle tail line is
Recived:
This line shows the route the email took to get to you. It's added to along the way from sender to receiver and can't really be spoofed easily.
it might say something like this.

Received: from host223-150-38-89.static.arubacloud.fr (unknown [89.38.150.223])
by mx7.gmail.com (Postfix) with SMTP id 706BD3FBE5
for <jsmith@gmail.com>; Fri, 28 Oct 2016 16:28:12 -0700 (PDT)

If you can view this line it will tell you where it came from. In this example France. (the .fr on the end tells me that. Or you can look up the ip address in the brackets)
There are additional lines to the header like X-Mailer: which in this spam email I'm pulling this from as an example says "X-Mailer: Microsoft Outlook Express 6.00.2600.0000"
that's the supposed program that generated the email. This line CAN be spoofed and in this case they did it badly because Outlook Express is out of date but they never bothered to adjust their spammer program to spoof something that's a bit more up to date.

Again Mailwasher Pro combined with the custom filters created by Wizcraft are a great starting point.
If you run mailwasher first it will examine your emails and even let you safely preview an email before it ends up on your computer., Mailwasher has a learning system installed and as you start marking your emails as good or bad, it will learn what to expect. Mailwasher is free for a single email address.

Yes I'm blowing the program's horn on this, but it does the job great. I use it on an email address I have had for over 18 years and will commonly see in excess of 200 emails a day, I sometimes get that many over night! But I don't see them when I go to look at the mail I want to read because they have been removed.

Spammers can put any return address they want in the From: field. In fact, anyone using an email program like Outlook or Thunderbird can do the same thing. They can put your address in there. They can put president@whitehouse.gov. Anything they want.

This has a few ramifications. One is, you cannot trust the From: address of any email. (This is not strictly correct. But, close enough for the purposes of this discussion. See below.) What *that* means is that you have to be skeptical even of email from friends and family. You also have to be skeptical of emails from people you know who you consider to be computer experts.

For example, I have told friends of mine that if they get an email from me that says, "Check this out!" then it's probably not from me. I will always add something to the email that proves that I'm the one who sent the email. Usually, referring to something we spoke about recently.

How would a spammer get your friend's name? Usually from joke emails. What happens is, someone gets a joke email and forwards it to, say, 20 friends. So, now there's an email on 20 computers that has your email address along with 19 others. You didn't send the email. A friend of yours did. Then, maybe four or five people forward that joke on to 20 more people. Now, your email and those of your friends are on about 100 computers. Repeat that a few times, and pretty soon your email is on thousands of computers of people you've never heard of.

Eventually, that email will get forwarded to a machine that is running a spam program. The spam program will take two email addresses near each other in the list and put one in the From: field and the other in the To: field. The idea being, if the addresses are close to each other in the forward list, then maybe those two will know each other. And, maybe one of them will trust the other enough to follow a link or open an attachment.

In your situation, it was a programmer being lazy. Instead of using a different email in the From: he just used the same address in both. I don't know why anyone thinks that will work. But, for you, that makes it easy. If you see an email from yourself that you didn't send (I often send myself reminders, since I check email on a desktop at home) then you can just delete it, as you have been. It does not necessarily mean that your account has been compromised.

Now, there is something called "Sender Policy Framework" aka SPF aka email caller ID. It was supposed to limit the email servers that were allowed to send an email that contained a given domain in the From: field. Unfortunately, the way they implemented it means that almost nobody uses it. There ended up being too many situations where people were using a 3rd party server to send their email. There was no way to cheaply (in network and organizational terms) verify that an incoming email from a server different than the domain was legitimate.

For example, I have my own domain, but I have set my email programs to send outgoing email through my ISP's servers. The reason being, it is far less likely that my (very large) ISP's servers will get blackholed. Whereas, my web host's servers might, if some spammer takes over a domain on the same server as me. There is no mechanism in SPF for me to say, "I know that (large ISP) does not have SPF enabled on their server, but I want my outgoing mail from there to be seen as legitimate, anyway. But, anything that's not from either my ISP's or my web host's servers should be considered spam."

So. There are some people who *only* send from their own email server. They can turn on SPF for their email server, and some receiving email servers will check for that. But, that turns out to be a very small percentage of domains. So, the vast majority of From: addresses are completely unverified. So, we users have to remain vigilant.

Drake Christensen

Include in your address book a fake name and email address. If you ever receive an error message and the email is returned, you'll know your account has been hacked.

But here is more detail just in case:

Many spam filters will work off of your contact list so, if some return address is on your list, it will (maybe) have a better chance of getting through your spam filter. Also, if you decide to reply to the spam, YOU will get the email. You won't be filling the spammer's inbox with stuff.
Here is another thing that started in the 1990's: malware! Let's say a friend of your has certain types of malware that capture information from emails such as To: or CC: addresses and then sends the information to a spammer. The spammer then sends mail out using all of the information they got from your friend's computer and the FROM: address for that email is selected from the list. So, if you get emails from people that you don't know complaining that you are sending them spam, nicely ask for a copy of the email and tell them it was generated from someone who has malware and not you.

But Grift is right. The main reason is to fool spam filters. What do I use? I have a "remailer" (http://www.pobox.com) and they first receive my mail, eliminate spam depending on how strong my settings are, and then send the good mail to me. I have it set low to avoid false positives but they also send me a report on mail that was blocked so I can check for false positives and release mail, if necessary. I also have Norton Security which has a spam filter.

There is no "trick". In Internet TCP/IP anyone can send an email and put anything they want as the From: address. There is nothing to guarantee that the address is even real.

... at least what you tell us is no evidence of that. Here's how it works - some of what I'll say will repeat some of what others have already said:

The main reason this can happen is that anyone can send emails via any number of SMTP servers (SMTP is the protocol for sending emails) that are publicly accessible. And you can put any email address in as a sender - even ones that don't exist. This latter option won't work with some corporate receiving email servers any more, because they now - in self defence - check whether there is at least a DNS entry for the domain you are using and reject mail from unknown domains. What remains is that any valid email address - however they came by it - can be used by spammers and pranksters and fraudsters as a return address.
You would normally not notice that unless you receive spam from an address you know. And when you ask the alleged sender s/he won't have a record of that mail, because chances are it wasn't even sent via their mail provider. And, yes, you could also receive fraudulent mail that appears to come from yourself.
These apparent "hits" usually can be explained by the way email addresses are harvested - a mutual friend sends out a mail to a number of his/her acquiantences and the whole distribution list gets harvested together. The baddies then hop ethat you are more trusting of emails that appear to come from a known and trusted sender. That they pick your own address is probably due to an oversight or an excessive amount of greed.
Another thing you may find from time to time that also gives you a glimps of how this works is a "delivey failed" message from a completely unknown party. It happened to me at my work email address (and the company I work for has close to half a million email addresses in its domains and the admins there are absolutely meticulous about keeping all that squeaky clean.) Still, one day I started getting mails from various "postmaster@xyz.com" type addresses about the address "xxyyzz@xyz.com" being unknown and the mail sent by me at hh:mm on mm/dd/yyyy being undeliverable. The attached mail is a classic spam or phishing mail or one of the "open attachment urgently" variety (how telltale can you get?) - something I have never before seen in my life. But as I said already, that mail never saw my mail server before. It was sent from somewhere else but had my return address on it. Needless to say that xxyyzz@xyz.com may have existed once upon a time, or it was a typo in that harvested distribution list.

Let us just console ourselves with the thought that the mail protocols that make fraud like this so easy were created at a time where everybody on the internet could still put absolute trust in everybody else on the internet, and in the case of some of us that we were around then to enjoy that.

Sandy, you do know that Yahoo Mail was compromised and a lot of passwords were stolen, right?

The first thing you can do is change your password immediately if you haven't done so in the past 3 to 6 months as Yahoo has been notifying everyone to do.

The second thing you can do is use a computer to log into your account and mouse over "your address" on any particular spam message to see what shows up in the little box that appears. You don't have to open the email to do that.

If it's your address that shows up in that little box, then your email has in deed been compromised and is being used to spew spam. In addition all of your contacts have likely been harvested, as well, and are likely being used to spoof spam from. Changing your password on a regular basis will be a big help in putting a stop to your own account,itself, being used nefariously.

If anything other than your own address shows up in that little box, then your address has been harvested by your own account being compromised and/or someone else's email account being compromised and their contact list harvested. In this case your address is being "spoofed". Learn about that here: https://en.wikipedia.org/wiki/Email_spoofing And then use the information there to do searches and learn some more. There is no such thing as knowing everything at any one time because spammers and other nefarious parties think of new things to do to carry on their nefariousness on a constant basis. It's a constant cat and mouse game between us good guys and the bad guys looking to skroo[sic] us over.

The third thing you can do is go ahead and open the email as long as it is in the Spam folder and view the Full Header of the email. Learn how to do this at https://nz.help.yahoo.com/kb/view-header-sln22026.html and how to find and use the information you see there to figure some things out as to what your next move would be. Changing a password, again? Or chalking it up to simple spoofing which dictates just deleting the email.

All that said, now that your email address is out in the wild there's no stopping it from being used to spoof email from. Therefore, you can expect to see spam coming from "yourself" for quite a while and then on a sporadic basis as lists of harvested email addresses are sold and passed around in spammers circles.

As spammers get cleverer so the spam filters used get more aggressive and complicated in order to control them. This results in many more valid e-mails trapped by them.
In addition, one of my e-mails, generated in Windows Live Mail (WLM), now must pass through 4 filters - my AVG virus/spam checker on my PC, my ISP (BT) filters, the recipient ISP filters, and the recipients own PC filter, thus increasing the chance of it being labelled SPAM. The e-mail can therefore safely arrive in the inbox, can arrive in the inbox with a SPAM tag on the subject line, can arrive in the spam/junkbox, or not arrive at all. I am experiencing all 4 conditions, varying with the ISP and onboard software in use.
BT don't want to know, having found out I'm using Windows Live Mail. Gmail recently blocked all my e-mails processed by WLM saying its security was not acceptable to them (I had to sign a waiver). AVG say its not their fault.

E-mails, especially through offline software like WLM, are now very unreliable. I need to keep a secure archive of my e-mails through changes in ISPs - online web-mail wont give me that. I realise ISPs will increase their revenue if I go to webmail, but my risk of the baddies getting to me also increases the longer I'm on-line.

Why wont the ISPs go for the spammers rather than kill my e-mail system with filters?