Who is that email from???


re: http://zdnet.com.com/2100-1105_2-5070929.html

Title: Office users at risk from 'critical' flaw

"In most cases, a person would have to receive and open a maliciously crafted document to trigger an attack. If Microsoft's Outlook e-mail client is set up to use Word as the default program for editing HTML Web code, however, the vulnerability could be exploited by responding to or forwarding a message with a malicious attachment."

"'If you receive an attachment from someone you don't know, something you're not expecting, you should be very cautious,' said Simon Marks, Microsoft product manager for Office."

BUT, as with the recent rash of false emails, you cannot just read the "From" displayed by your email client and know who the email is really from.  It is trivial when sending email to change the "from" to be whatever you want it to be.  Only by looking at the routing can you determine that the email came from the "wrong" domain.

So, how many of you check to see that the email with attachment you just received really came from where it says and not from an imposter?

Bottom line:  How do you know if this email is "from someone you don't know"??

Cheers,
Gary (I think it's me :-)

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************
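
The routing check the message above describes, as an added example that is not part of the original post: it compares the domain in the displayed "From" with the host recorded in the one `Received` header written by the recipient's own mail server. The sample message, the host names and the helper names `org_domain` and `check_origin` are constructed for illustration, and a mismatch is a reason to look closer rather than proof of forgery, since legitimate mail is often relayed by third parties.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic); every host and address is made up.
SAMPLE = """\
Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123
\tfor <user@recipient.example>; Mon, 8 Sep 2003 10:15:02 -0400
Received: from trusted.partner.example (unknown [10.1.1.1])
\tby mail.bulk-sender.example with SMTP; Mon, 8 Sep 2003 10:14:58 -0400
From: "Help Desk" <support@partner.example>
To: user@recipient.example
Subject: Updated document

See attachment.
"""

# Common "from HELO (rdns [ip]) by host" layout; real MTAs vary, so this is an assumption.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.S)

def org_domain(host):
    """Naive last-two-labels domain (assumption: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_origin(raw, trusted_mx):
    """Compare the From domain with the host that handed the mail to trusted_mx."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Received headers are prepended hop by hop. Only the one written by our own
    # server is trustworthy; everything below it was supplied by the sender.
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if m and m.group("by").lower() == trusted_mx:
            rdns = m.group("rdns") or "unknown"
            return {"from_domain": from_domain, "handoff_host": rdns,
                    "handoff_ip": m.group("ip"),
                    "domains_match": org_domain(rdns) == org_domain(from_domain)}
    return None  # no hop recorded by our server, so nothing can be concluded
```

In the sample, the lower `Received` line names a host in the From domain, which is why only the hop recorded by the trusted server is compared.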


