spoofed the From field of the mails.
When the messages with spoofed Return-Path are sent to a non-existing account, they are returned to the spoofed address.
Unfortunately, nothing can be done to prevent abusers from forging the
“From” and Reply-to fields of an email. Due to a flaw in the global
e-mail system itself, it is possible to send messages, using any
address in the Return-Path and FROM e-mail headers, and thus the
messages can appear to come from any e-mail address.
Randomly generated addresses are often used as many viruses and spammers use that technique to generate valid email addresses.
Unfortunately, there is no server side mechanism which could cease
these malicious actions. The authorities managing the originating mail
servers of the spammers are the ones who can control these occurrences,
however the spammers and the viruses are capable of maintaining their
own SMTP services as well. The messages sent in those spam waves are
never sent from a single exploited computer they use complete networks
of compromised machines and tracking them down is a futile task.