Not exactly sure how they are using your email address. Did you not renew your domain name registration and they swiped it? Are they spoofing the address, so it looks like yours but the link actually goes to one of theirs on a separate domain? Did they break into your (or a 3rd party) network and take over your email server?

Bottom line is if you can somehow prove that the address is yours and they are using it in some illegal fashion, I would call your local FBI office. The threshold for monetary damages is $5000 before they'll get involved. Seems like you've lost way more than that. Getting the proper autorities involved will not only make sure you follow proper procedures and not do anything illegal yourself. It will also put some real pressure on the other side to stop whatever it is they are doing.

Hope this helps,
Don

As Don have already explained, you need to get some email samples as an attachments, and study them carefully to see if the case was email spoofing, or if they are really using some of your infrastructure as slimjim100 have pointed one example. I have seen this happen in the past using broken cgi scripts such as formmail, if any of your publicly accessible servers can act as open proxy/relay of some sort, they can use your ip addresses as the originating addresses, and the email spoofing is much easier then. first invest in investigating how this is done, what was exploited, and whom is responsible for it. prove that you can trace it back, and contain the problem, you can google for incident handling, or email fornesics if you can not afford to hire a security consultant