hisham_hm, How spoofable is an email From: field nowadays?
I know that back in the days of POP3 and unencrypted email you could write anything in From: and one would have to cross-check with the other headers to see if the message at least went through the domain in the address.
I believe nowadays big servers like gmail are stricter in the email they accept (to the point of rejecting valid emails, which is super annoying, I know), but is there a standard in check that foo@bar.com comes from bar.com?