What joy for the criminals who want to send emails with spam, viruses and/or "phishing" attempts - here are lots of genuine email addresses to be used. Even better, the criminal can send forged emails pretending to be from one of the addresses, knowing that there is a good chance that the recipients will innocently open a message from someone they already know!
So when you receive emails from someone you know, and the email is spam or worse, it does not necessarily mean that the apparent sender has been compromised, but only that their valid email address has been picked up by a spammer or criminal.
Sometimes this will occur whatever precautions you take - when you give your email address to some organisations these are sold on by those organisations. Obviously these organisations (Groupon is one) are behaving dishonestly, but there is little you can do to stop them, other than not dealing with them.
But anyone who uses the open forwarding of emails, complete with lists of valid email addresses, is guilty of making the criminals life easier!
The solution is to remove all earlier lists of email addresses, and only forward using the BCC (Blind Carbon Copy) feature in your email software. This ensures that when you send to a number of recipients they can only see their own email address, so if the email falls into the wrong hands only one (actually two, as the sender address is shown as well) valid email address is compromised.
A full explanation can be seen here https://en.wikipedia.org/wiki/Blind_carbon_copy
As you will see, there are some drawbacks if you want a group of people to be able to reply to everyone else in the group, but there are ways round this, as explained in the article.