eMail Routing is allowing spam to be sent from my domain name

Set a DMARC policy on your domain holding “v=DMARC1; p=reject; sp=reject; np=reject;”.

It will be the most strictest DMARC policy you can have, and it would mean that all messages that the Cloudflare Email Routing receives, which is claiming to be from your domain name, but cannot be verified to be so, will then be rejected by the Email Routing.

Note: Unless all of your existing, but legitimate outbound email streams do proper domain authentication (e.g. either DKIM or SPF, including perfect alignment), a such REJECT policy might also mean other destinations are rejecting the messages that you send towards them, if your own messages fails to comply with your new policy.