Do you mean they have been using your email addres, or they have been using your server?
If they have been using your server, get your admin to put authentication onto SMTP... We have ours setup so that you need authenticating unless you are on our dedicated office IP's or on one of our server IP's.
If they are using your email address, i.e. spoofing... you could try contacting their host who may or may not do something. Also you could setup a SPF record.
Note to self: Add something funny! Search is your friend!