It is very easy to forge email; that is, to send email as if it came from someone else.
It is trivial for your email to be read while it is in transit: left to its own devices, email is like a postcard. I don't like to sound like I live in the backwoods of Montana, but government agencies all over the world are reading email via automated scans. If this upsets you, you don't need to blow up any buildings. Just follow the instructions here.
As for forged email return addresses: Anyone could send you mail pretending it came from me. Or, if you like, anyone could send internet email to your boss, looking like it came from you. If you live in America, someone could send a death threat to the President as if it was from you. The security forces are obliged to investigate all death threats against the President (this is serious, so don't do this to someone as a joke). Commercial email systems used within a company, such as Lotus Notes, have solved this problem: they authenticate the sender of all messages. These notes will tell you how to get this level of security with your internet software, and it doesn't cost a cent. You need to install a digital certificate on your computer.
It is also quite easy for someone to alter the content of email after it has left your machine: this requires more technical skill than the simple forging of a return address, but internet email provides no protection against it.
Digital signatures prove who email comes from, and that it has not been altered in transit. If you establish the habit of using digital signatures for important email, you will have a lot of credibility if you ever need to disown forged mail that appears to be from you. They also allow you to encrypt email so that no one can read it except the recipient. PGP in particular offers levels of encryption that will take Nobel prizes to break. Actually, digital signatures are really about proving who you are, which is useful for all kinds of internet transactions, but I'll concentrate on email.