Well, all I know about the technical aspects of it is that it spoofs the headers on an email so that the sender seems like someone else. This is a real old technique and, if I'm not mistaken, is usually done through a PHP script.
As for your second question, the accounts usually get back to you by you setting up a phishing site that looks legit to a user. You link the site in your email, and hope they go to the phishing site.
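On the receiving side, the header spoofing described above leaves traces that a mail filter or analyst can check. The following is an added example, not part of the original post: a Python sketch that flags a message whose visible From domain disagrees with Return-Path or Reply-To, or whose SPF/DKIM/DMARC verdicts are not "pass". The function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real traffic): From claims one domain while the
# envelope sender and Reply-To point elsewhere, and DMARC fails.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank Support" <support@bank.example.com>
Reply-To: helpdesk@accounts.example.net
To: user@example.org
Subject: Action required

Please verify your account.
"""

# Constructed sample of a message whose headers are consistent.
SAMPLE_CLEAN = """\
Return-Path: <support@bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Example Bank Support" <support@bank.example.com>
To: user@example.org
Subject: Statement ready

Your statement is available.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List header inconsistencies that commonly accompany a forged From."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    # A mismatch alone is a weak signal (bulk senders differ legitimately).
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{label}-mismatch")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}-{verdicts.get(mech, 'missing')}")
    return findings
```

In the spoofed sample SPF passes because it is evaluated against the envelope sender's domain, not the From header; the DMARC failure is what ties the check back to the address the user actually sees.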