I understand that spoofing email incurred. As per my understanding, spammers can forge, or "spoof," your domain's From address to make their spam look like it came from someone in your domain without any authentication,
To help prevent this type of abuse, Google recommends follow anti-spoofing measures that can authenticate mail sent from your domain.
By adding SPF record, it can identify which mail servers are permitted to send email on behalf of your domain.
Also please capture the spoofing email message header for our investigation.
Gmail: Select the spam message. Click the down arrow next to the reply arrow. Select "Show Original."
And I suggest following all the steps outlined in the Gmail security checklist to make sure your account is secure.
I hope above message can help you. Please let me know if you have any comments.