Double check all email (cont'd)

ps -- forgot to say -- a trojan might (initially) circumvent the above checking, if it uses the compromised sender's real address and goes through the sender's usual mail server, because the purported sender would confirm it as a valid message at each stage.

The result, however, would be that the trojanised source could be reliably identified (if you get such a spam, then you KNOW that it came from somewhere in the alleged sender's jurisdiction and whoever provides that sender's internet connectivity can refuse further mail from it until verified clean). At the moment, that process is complicated by forged headers, making it impossible to safely automate the process.