They have poor email security. I only had the experience of spoofing and phishing on websites I hosted with them.
Their go-to response is "We also...
strongly recommend you implement recaptcha on your contact form(s) and comment section of your wordpress/joomla incase you have any of such open source ware running in your account."
Kindly note that these steps were done before the spoofing began.
For a non-technical person, it can be a nightmare.