How to do it properly.
If you're looking for concrete, definitive and authoritative standards, check out:
Note: An RFC is a particular type of document relating to Internet standards. It must be approved by the RFC editor of the Internet Engineering Task Force - see their website for more information. The IETF is an internet standards organisation.
Unless messages are encrypted and/or signed, mail is an insecure medium. Anyone may place a letter in your snail-mail mailbox with whatever they like written as the return address; anyone may do the same with an email.
Faking a "From: " address is easy. Do not assume a message is genuine.
If you require a secure medium, use GPG or PGP encryption and signing on your mail. Signing a message allows the recipient to check that the author of a message is who they say they are and the message content has not been tampered with. Encryption protects the content of the message from being seen.
My gpg key is available from my contact page.
One drawback of PGP/GPG encryption and signing is that they only protect the message content, not the headers. The Subject and To headers can be changed easily, which may change the apparent meaning of the mail - for example, a message informing an employee of a raise could be altered to look like it went to a different employee, even though the message was signed. To avoid this problem, repeat the information from the To and Subject headers in the main message, so that it is covered by the signature.
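The check that follows is an added example, not code from this page: it assumes the sender copied the To and Subject lines to the top of the signed text, and that gpg has already verified the signature over that text. The addresses and subject are constructed sample values; the function returns every header whose real value disagrees with the signed copy.

```python
"""Compare the To/Subject copied into a signed mail body with the real headers.

Added example (not from the page). Assumes the signature over `signed_body`
was already verified by gpg; this only performs the header comparison.
"""
from email.message import EmailMessage
from email.utils import parseaddr

# Headers that a PGP/GPG signature does not cover but which we copy into the body.
PROTECTED = ("To", "Subject")


def build_signed_body(to, subject, body):
    """Return the text to sign: a copy of To/Subject, a blank line, then the body."""
    return f"To: {to}\nSubject: {subject}\n\n{body}"


def copied_headers(signed_body):
    """Parse the header copy at the top of a signed body into a dict."""
    head, _, _ = signed_body.partition("\n\n")
    found = {}
    for line in head.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() in PROTECTED:
            found[name.strip()] = value.strip()
    return found


def normalise(name, value):
    # Addresses are compared on the address part only; subjects are stripped.
    return parseaddr(value)[1].lower() if name == "To" else value.strip()


def header_mismatches(msg, signed_body):
    """Return {header: (value in message, value in signed body)} for each disagreement."""
    inner = copied_headers(signed_body)
    bad = {}
    for name in PROTECTED:
        outer = str(msg.get(name, ""))
        if name not in inner or normalise(name, outer) != normalise(name, inner[name]):
            bad[name] = (outer, inner.get(name))
    return bad


def demo():
    # Constructed sample message: the raise notice from the text above.
    body = build_signed_body("alice@example.com", "Your raise", "Congratulations ...")
    msg = EmailMessage()
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Your raise"
    msg.set_content(body)
    intact = header_mismatches(msg, body)        # {}: headers agree with the signed copy
    msg.replace_header("To", "bob@example.com")  # To header altered in transit
    return intact, header_mismatches(msg, body)  # second result names the altered header
```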
These might seem like trivial things or personal preferences, but mail is examined by computers, and they assume things are done as defined in the standards. Not following the standards makes it much more likely that your message will be marked as spam and bounced or deleted.
Coming soon.