Actually, there is an interesting hole in many of our discussions:
What about spoofing from _within_ an organization? Since most
organizations suffer data theft from within, this is not a small
concern.
This is certainly an issue. Google 'Larry Ellison' and 'Adelyn Lee'
to see why.
But it is reasonably easy to fix this inside an enterprise. You
just need to implement an appropriate security policy, implement
authentication on your mail server, eliminate all relayed mail
that claims to come from inside the enterprise.
Phill