My spamfilter software lets me read an email from the POP3 server without doing any HTML processing. Some of them even cut-and-paste normal Paypal emails, and just use a different URL. First defence is the account name it's sent to, second is knowing who you do business with. I only have an account with one bank, and they don't know my email address anyway. If you're setting up an account with Paypal or eBay, and you have the resources to do so, use a unique email address. It can't be hidden if you want people to pay you, but you can safely ignore apparent Paypal or eBay emails to any other address. And, yes, I know some people have limits on how many usernames they can use. Trouble is, they usually subvert somebody else's machine to do this. It isn't easy to trace the criminal. So remember your own security -- firewalls, virus checks, updates. This is something making me a little nervous about the prospect of getting ADSL access.