Check your scripts for the popular phpMailer library and update to the latest version:
If your scripts do something like this then they are vulnerable:
$phpmailer->setFrom( $_POST['email'] );
This also applies to your live demos, if you let the customer change the sender address in your php app live demo then someone can potentially take over your server.