Seems that the Spoofers have simply used the Contact 7 form to see how it delivers genuinely by default - to get the format of the email delivered. They then used the source code from my form page. With those two bits of info, use it to just spam with. Not sure how they got the email address yet. but working on it.
Thought you should know.
Oh, and this may also be the reason why Gmail is blocking Contact 7 formed emails as spam.