E-mail identity spoofing is performed by the malicious user simply entering someone/anyone else's e-mail address into his own e-mail client. Any e-mail he sends out will look as if they came from the victim. Unfortunately, there's not a great way to prevent this from happening, since the misbehavior takes place on the bad guys' systems. For those who get messages bounced back, they can check the e-mail headers to see where the e-mail originated, but that's likely to be spoofed as well.
This was first published in September 2004