I struggled a while to understand how to prevent spammers from using your mail addresse in the to and from field when sending spam. If you look at the SCL value it is assigned -1. This means that it will bypass all the scanning filters on Edge server. The way to prevent this is to block your own domain under Sender Filtering on the Edge server. For many this makes no sense, but this will not prevent any normal mail since your internal mail will never go out to the Edge server. And outgoing mail is not considered as spam.
Another great tip is to establish a Sender ID SPF record for your mail domain.