The simplest way, which will give you clues a lot of the time, is to look at the From field. If the address is misspelled or is not the correct address for the sender, then it's a phishing attempt. Next, you can look at the message headers for the email addresses and the path the email went through. There are identifiers like Received fields, which are stamped any time a message goes through an SMTP server; if one is misspelled or not expected, the email isn't legit. Next, you can run a route trace and nslookup to try to narrow down the sender, or see if the email bounced from servers in the wrong part of the world. Unfortunately, from this point on it becomes much tougher to figure out, but the first few checks will reveal a lot of the common spoofed emails.
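The first two checks described above (the From address, then the Received path), as an added Python example that is not part of the original post. The sample message, its hostnames and addresses, and the `expected_domain` parameter are constructed for illustration; each finding is a clue to investigate, not proof of spoofing.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every host and address below is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from relay.unknown-host.example (relay.unknown-host.example [203.0.113.77])
\tby mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000
From: "Example Bank Support" <support@examp1e-bank.example>
Reply-To: collect@other.example
To: user@recipient.example
Subject: Account notice

Body text.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def received_hops(msg):
    """(from_host, by_host) per Received line, oldest hop first.
    Servers prepend Received, so the header order is reversed here."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        src = re.search(r"\bfrom\s+([^\s;]+)", flat)
        dst = re.search(r"\bby\s+([^\s;]+)", flat)
        hops.append((src and src.group(1), dst and dst.group(1)))
    return hops

def check(raw, expected_domain):
    """Return (findings, hops); expected_domain is what the sender should use."""
    msg = message_from_string(raw)
    findings, from_dom = [], domain(msg["From"])
    if from_dom != expected_domain:
        findings.append(f"From domain {from_dom!r}, expected {expected_domain!r}")
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d!r} differs from From {from_dom!r}")
    hops = received_hops(msg)
    # Only lines stamped by servers you trust are reliable; older ones can be forged.
    first = (hops[0][0] or "").lower() if hops else ""
    if first and first != expected_domain and not first.endswith("." + expected_domain):
        findings.append(f"first relay {first!r} is outside {expected_domain!r}")
    return findings, hops
```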