Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
Probably unrelated, domain spoofing is common, but miss-configured mail servers will accept those emails and process auto replies. They can also abuse input forms to try and send out emails, but that typically does not have much control over content.
If you are getting more emails than you can deal with, than can be used to try and mask other emails by burying them in a large email volume. In that case you should be looking for emails from important accounts you do own (eg banking.)