My work email is being deluged with a flurry of bogus bounced mails this morning. I've had 10 of them come through my inbox in the last 15 minutes, all of them with attachments.
Tip: If you get an email bounce (typically has the subject 'Returned mail' or 'Unexpected delivery failure', always check the From address. Generally authentic bounced mail only comes from the mail server that your outgoing mail goes through. If the From address in the email doesn't look like one of the servers you configured your email client with, odds are it's bogus and you probably shouldn't open it. If the bounce also has an attachment, odds are even greater that it's a bogus mail. None of the mail server software I'm familiar with send out bounced email notifications with attachments.
Consider for example my regular netcom.com email. My email client is configured to fetch mail from Earthlink's POP server, , and send outgoing mail through their SMTP server. If I get a bounce that doesn't come from a netcom.com or earthlink.net server, that's an immediate red flag so it gets flagged as junk and into the bit bucket it goes.
These bogus bounced emails are no doubt an attempt to take advantage of most people's general lack of knowledge about how email is ferried around. The ones I got today were particularly obvious because the From addresses weren't even valid emails.
Keep an eye on your email and never blindly open anything with an attachment. Spam filters are getting better, but they're still not foolproof.