This answer requires some explanation, but the most important thing is that when you see spam both "To" and "From" you at the same time then it DOES NOT mean that someone has hacked into your email account. However, if a friend or contact is getting spam email "From" you then it is quite possible that someone HAS hacked your email account and you should take appropriate action.
These mail forgeries are incredibly simple to do. Part of the problem is that the protocols that email runs on were written in the early 1980s when there was no such thing as email spam. Basically, when one computer connects to another computer to send mail then usually the receiving computer trusts that the sending computer is telling the truth about the sender.
The conversation between the two computers looks something like this:
MAIL FROM: firstname.lastname@example.org
RCPT TO: email@example.com
This is the body text of the email.
SPF, but they are not very widely used.
One reason why spammers like to send spam "from" the victim is because it will often get through the victim's spam filters. In general, you should not whitelist your own email address in your spam filter for this reason. Fixing spoofing at a filter level is possible, but every email system and spam filter is different and this is really one for experienced IT support people to resolve for you.
I mentioned earlier about a different scenario - one where the mail appears to be "From" a contact. Although superficially it might appear to be similar, in this case it usually means that an email account has been hacked into, typically the person that the mail is "from". If you receive spam from someone you know then the best thing to do is contact them offline and let them know that there's a problem.