If you happen to use SpamAssassin and have override configuration rules set to whitelist email from your own domain, don’t be surprised if you start seeing spam that appears to come from your own email address or another address on that same domain.
Such spam will appear with this header value:
This is an indication the spam was permitted through and not blocked by SpamAssassin, because it was perceived by SpamAssassin that it was a legitimate/whitelisted email from your domain, to your domain.
Some spammers are taking advantage of the fact that SpamAssassin automatically allows through anything from your domain — even if it is in fact spam — if the from header has been masked to appear to come from one of the addresses or domains on your account and your domain is whitelisted within cPanel.
To prevent this, log into your cPanel administration area, click on SpamAssassin, and click on “Configure SpamAssasin”. Then make sure you do not see your domain listed on the whitelist_from list of permitted domains.