Spammers forge the e-mail return address to keep themselves from getting blocked. There is nothing you can do about this on your own, short of someone figuring out a way to handle the problem network-wide.
For more than a few years now, spam and viruses have been spoofing usernames to hide their tracks. The virus is almost certainly not on your user's computer; rather, their address is in the address book of a computer that DOES have a virus. When that virus mails itself out it picks random entries from the address book to use as the "sender", so the delivery failures come back to your user instead of to the infected machine. Obviously, if you knew who the REAL sender was, you could let them know they have a virus and they could do something about it.
If the problem is a spammer (you can usually tell from the content of the message), then that spammer is doing essentially the same thing as the virus, except that he has bought a mailing list and your user is on it.
A user can get on any number of mailing lists in very innocuous ways: they had to register on a news site (the NY Times, Washington Post, Wall St. Journal and LA Times all require registration just to read articles, for instance), or with a business group or Chamber of Commerce. These organisations all promise that they will only share your information with their "authorised business partners."
Unfortunately, these business partners can ALSO share with THEIR business partners, and somewhere down the line, "business partner" becomes "whoever will pay me for the list."
In both cases the delivery failures are real bounces, generated by legitimate mail servers for messages your user never sent, so you really can't stop these delivery failures for bogus e-mails without stopping delivery failures for ALL e-mails.
The one ray of light is that these things don't usually last more than a few days to a couple weeks at most. Then the virus is caught or goes inactive, or the spammer moves on to the next set of names on his list....
One possibility to avoid this (and other "spoofing" problems) is to set your mail server to do a reverse DNS (RDNS) check before accepting any inbound mail. The mail server takes the IP address of the server that is connecting to deliver the message, does a reverse (PTR) lookup on that IP address to get a host name, and compares the domain of that host name with the domain of the sender's address (say the message has a "from" address of user@company.com, so the domain to match is company.com).
If the host name returned by the reverse lookup is in the sender's domain (a stricter variant also does a forward lookup on that host name to confirm it resolves back to the same IP address), the message is accepted. If it does not match, the message is rejected, sometimes without even a non-delivery response being sent.
The problem with a lot of RDNS checking logic is that many companies (and ISPs) either do not have RDNS set up at all, or the RDNS entry reports the ISP's domain name rather than the domain of the company that is utilising that IP address; legitimate mail can therefore easily be rejected without notice.
Microsoft Exchange has such a feature buried within the SMTP Virtual Server (or SMTP connector if you're using one) settings.
Yet another method for checking and protecting against mail spoofing (or at least against having YOUR domain spoofed) is to add an SPF (Sender Policy Framework) record to the zone file of your domain (usually done wherever your DNS is hosted, often at the ISP). The record lists which servers are allowed to send mail for your domain, and receiving servers that check SPF can then reject mail claiming to be from your domain that arrives from anywhere else. You can read more about SPF records here: http://www.openspf.org/Introduction It is surprising how few domains have an SPF record defined...
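To make the SPF idea concrete, here is an added example (not from the original article, and not the openspf.org reference code) of what a receiving server does with such a record. It uses constructed TXT records for the made-up domains company.com, lenient.example, partial.example and nospf.example instead of live DNS, and evaluates only the ip4, ip6 and all mechanisms with their qualifiers; real SPF checkers also handle a, mx, include and the other mechanisms, which need further DNS lookups.

```python
import ipaddress

# Constructed TXT records standing in for a live DNS lookup (assumption: not real zones).
# In a zone file the first one would be written as:
#   company.com.  IN  TXT  "v=spf1 ip4:203.0.113.0/28 ip6:2001:db8::/32 -all"
TXT_RECORDS = {
    "company.com":     "v=spf1 ip4:203.0.113.0/28 ip6:2001:db8::/32 -all",  # -all: hard fail
    "lenient.example": "v=spf1 ip4:198.51.100.5 ~all",                      # ~all: soft fail
    "partial.example": "v=spf1 ip4:192.0.2.0/24",                           # no "all" term
    "nospf.example":   None,                                                # no SPF record at all
}

# SPF qualifier characters and the result each one produces when its mechanism matches.
RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the domain's SPF record text, or None if it publishes none."""
    txt = TXT_RECORDS.get(domain.lower())
    return txt if txt and txt.startswith("v=spf1") else None


def check_spf(client_ip, sender_domain):
    """Evaluate ip4, ip6 and all mechanisms (with qualifiers) for the connecting IP.

    Returns one of pass, fail, softfail, neutral or none. Mechanisms that need
    further DNS lookups (a, mx, include, ...) are skipped in this example.
    """
    record = lookup_spf(sender_domain)
    if record is None:
        return "none"                        # domain publishes no SPF: nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                      # a bare mechanism means "+" (pass)
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return RESULT_FOR_QUALIFIER[qualifier]
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if network.version == ip.version and ip in network:
                return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                         # nothing matched and no "all" term


if __name__ == "__main__":
    for ip, domain in [("203.0.113.5", "company.com"), ("203.0.113.99", "company.com"),
                       ("2001:db8:1::1", "company.com"), ("192.0.2.1", "lenient.example"),
                       ("10.0.0.1", "partial.example"), ("192.0.2.1", "nospf.example")]:
        print(ip, domain, check_spf(ip, domain))
```

The difference between "-all" and "~all" is the part worth noticing: with "-all" the receiving server is told to reject mail from unlisted addresses outright, while "~all" only marks it as suspect, and a domain with no record at all gives the receiver nothing to act on, which is why the low number of domains publishing SPF matters.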
A further limitation of a reverse DNS check is that the domain from which the Delivery Failure is coming is almost certainly legitimate, and "Mailer Daemon" or "System Administrator" at that domain is going to be a good address, so the check passes.
Unless your reverse DNS check walks back through every hop recorded in the message headers to where the message originated, at which point you would finally see the mismatch, it is unlikely to help against delivery failures. It will certainly help against other spoofed e-mails.