Sounds like a
joe job. Fortunately,
SPF was designed to specifically combat joe jobs. Publish an SPF record that states which servers are used for your outbound e-mail. And when domains that check SPF receive bogus e-mail claiming to be from your domain, it will be instantly deleted or flagged. Just having the record gives you something to point to if there are any problems.
You must also consider that while the joe job is intentional, it may just be a spammer who hit upon a valid e-mail address and is using it to get past filters (and is not necessarily the work of a disgruntled ex-employee).