I've had to deal with these issues before and let me tell its a pain. It's not usually too hard to get off the databases, just send them a request. It's much harder to deal with spoofing however. The nature of how email works allows spoofing to be done.

Here are some general suggestions to help make your site more secure:

1) take advantage tools like mxtoolbox.com. Setup alerts so you know when/where/what's going on.
2) in cPanel, make sure you enable DomainKeys and SPF, these help to prevent forged emails.

3) StopForumSpam.com, projecthoneypot.org, can be used on your site to help with spam. You can get plugins for your site software that can directly integrate with these services. HoneyPot will stop a spammer as they visit they site even before trying to log in. I have both running on my site and it has minimized the fake registrations and spam post.

4) if your on a vps/dedicated with cpanel be sure to enable automatic updates to keep your system software up to date. Make sure mod_security/csf are installed and configured and cPHulk is enabled. Check your php.ini and make sure it's hardened.

5) if your on a shared account, ask your host to verify the security of your account and help to clean up the dirty ips and being removed from the spam databases.