Actually it is very easy since the mail servers are setup so that you can send mail via the server from any location as long as you know three things: The outgoing (or SMTP) server address, the username to the mail account (usually the email address) and the password for the mail account.

And what makes it easier is the fact that users don't create secure enough passwords for their mail accounts. Hackers are not stupid - they know users sometimes use easy to remember passwords like "password" or "12345" and if they can guess a password then they can send spam. So the best way to counter this is to create more secure passwords:

1) Passwords that are not the same or similar to the username - ie if your email address is someone@somedomain.co.za - do not make the password "someone" or "someone1" or similar
2) Do not use common words that exist in a dictionary, because hackers can use what is called a "dictionary attack" in other words they submit passwords automatically to the account and these passwords come from a list of dictionary words, if they do it long enough they may strike it lucky and guess the password is it is one of these words
3) Use Upper and lower case characters in the password
4) Use numbers in the password
5) Use special characters like &^%$#@!*() in the password
6) An example of such as password containing all the required components is something like "&bFGhw9hgh3" - something that is similar to the passwords cPanel creates when you create a mail account