"Consider this a public service announcement: Scammers can forge email addresses. Your email program may say a message is from a certain email address, but it may be from another address entirely.
Email protocols don’t verify addresses are legitimate — scammers, phishers, and other malicious individuals exploit this weakness in the system. You can examine a suspicious email’s headers to see if its address was forged.
How Email Works
Your email software displays who an email is from in the “From” field. However, no verification is actually performed – your email software has no way of knowing if an email is actually from who it says it’s from. Each email includes a “From” header, which can be forged – for example, any scammer could send you an email that appears to be from email@example.com. Your email client would tell you this is an email from Bill Gates, but it has no way of actually checking..."
"The IP addresses involved may also clue you in – if you receive a suspicious email from an American bank but the IP address it was received from resolves to Nigeria or Russia, that’s likely a forged email address.
In this case, the spammers have access to the address “firstname.lastname@example.org”, where they want to receive replies to their spam, but they’re forging the “From:” field anyway. Why? Likely because they can’t send massive amounts of spam via Yahoo!’s servers – they’d get noticed and be shut down. Instead, they’re sending spam from their own servers and forging its address."
In fact, the first time I received an email informing me about my being chosen or selected for an incredibly big prize, a friend said the best test is to ask yourself whether you had taken part in any such contest. If you hadn't, how could you win? It is like having struck a lottery without having to buy a ticket first! Impossible, isn't it?