I usually just reply immediately thereby confirming that your address is valid and that you read spam.
V: PayPal doesn't send messages like this one. In response to the IE-can-display-the-wrong-address bug they also recommend that when visiting their site you type the address ( h t t p s : / / w w w . p a y p a l . c o m / ) by hand into the address box of a fresh browser rather than clicking a link (which may hide a password collection site) or using the existing address box (which may, and I know it's a stretch, be an activeX or element drawn by the current page.)
So no. Don't reply. Don't click the link. Forward the mail with full headers to spoof@paypal.com if you're so inclined. If you did click the link and type in your stuff, open a new browser now, log into paypal and change your password.
no subject
V: PayPal doesn't send messages like this one. In response to the IE-can-display-the-wrong-address bug they also recommend that when visiting their site you type the address ( h t t p s : / / w w w . p a y p a l . c o m / ) by hand into the address box of a fresh browser rather than clicking a link (which may hide a password collection site) or using the existing address box (which may, and I know it's a stretch, be an activeX or element drawn by the current page.)
So no. Don't reply. Don't click the link. Forward the mail with full headers to spoof@paypal.com if you're so inclined. If you did click the link and type in your stuff, open a new browser now, log into paypal and change your password.