It's not forged headers that makes it look like the email is for someone else, but the fact that the "To:" address in the header actually don't really mean anything.

The actual recipient is often found in the "Received:" lines in the header, but according to RFC 822 the for-part of the "Received:" lines are not mandatory, so some mailservers doesn't add the information. But they do of course specify the recipient when communicating with another mailserver, with RCPT TO.

To preserve bandwidth, most spammers will send their great offers to some invalid address and put a fuckload of real addresses in the bcc-field, which the recipient doesn't see. Mailing lists usually work the same way.

That also explains why fetchmail's multidrop mode breaks some RFCs.

Forged headers are usually "Received:" lines added to the bottom of the header, to make it difficult to find out from where the mail was sent - what ISP was used - so you won't know who to complain to.