Thanks for the reply,
Our clients all have sites on different servers and their email addresses are not the ones in the "From" field, so I don't think it's being spoofed based on the DNS records.
We, as the developers, have our support email as the WordPress admin email in the general settings and we get these spam emails from a few different sites.
We have an email bcc'd on client contact forms so that we can track their leads as they come in.
The spam emails seem to use the WordPress admin email (our support email address) as the "From" address, so to our clients it looks like we sent them a contact request.
Bottom line, it seems like whoever is spamming is somehow finding out what the WordPress general settings email is and using that for the "From" address when sending out spam.
It's really odd but has happened on more than one site. Not sure if this makes much sense or not but it's something that is slowly becoming problematic.