There appears to be a resurgence in "bad email" at the moment, so it seems an appropriate time to go over the rules for Sensible Computing.
While spam filters can filter out the vast majority of spam, no system is perfect. Spam filters can be bypassed by various methods, such as using a known person's account, sending correctly formed email and acting like a "real email server", and so on.
My advice is to never follow links from an email or open an attachment without being completely sure that the email is legitimate.