The email standard was designed as a simple standard long ago and is still used largely unchanged.
The sender and receiver information that your e-mail program shows you in the e-mail headers is not actually used when the mail servers are transmitting an e-mail among themselves.
In other words, there are different headers used by mail servers and these are deleted from the mail before it is delivered to you.
In other words, while your mail program tells you that the mail came from info@domain.com.tr, it can write something completely different in the forwarding protocol used by mail servers. The sender can be like hacker@foo.com and pretend that he/she is info@domain.com.tr.
We use additional security measures to prevent problems like this, and it will not be a problem for Kalfaoglu users - because we check that each incoming e-mail comes only from an AUTHORIZED mail server. In other words, when an e-mail that pretends that come from a user in Turkey but was sent from Japan from an unrelated mail server, our server rejects that e-mail.
Unfortunately many service providers do not provide our protection level and some random user can create emails that seem to arrive from, say, a user in Turkey, whereas it it sent from abroad. And unfortunately these emails are delivered to their users.
As a result, the person receiving the e-mail thinks that the e-mail came from you.
The only way to prevent this is to spread new control technologies like DKIM to all service providers.
For more information, you can review the RFC821, RFC822 and DKIM standards.