The «human factor» of security
Human beings are the weakest link in any security system.
You can explain why spam messages should never be opened, if it's evident from their look why they're spam and nothing else.
You can provide details on how spammers perform monitoring of their victims' email boxes reliability (by providing specially crafted links to external images, for example).
You can prove that spam is only existing because people open spam messages and perform whatever actions are expected (click on fraudulent links, buy the promoted goods and so on).
You can provide whatever else you can say about spam, its danger and consequences of not destroying it on sight — and fail to prevent people from opening spam messages deliberately. That's the most strange thing about human beings' nature. Curiosity, carelessness, whatever else, it makes sending spam messages a profitable business.
Ars Technica posted an interesting article about users clicking links in spam messages. Looks like the relatively young users, considering themselves experts in network security, are those encouraging further spam sending.
The ABC of email security
The main principles of email-related security are well-known, yet they are at times neglected. Let me cite some of them.
All the fields in an email message can be forged. It means you can't rely upon any field, you can't be sure the message is genuine unless using additional means to verify that.
Some of the means, such as SPF check, using real-time block lists (such as those mentioned at Spamhaus) can filter off most of spam messages, recognize them on entrance.
One should never click on links in email messages, unless absolutely sure the message is 100% genuine and secure. In fact, it's safer never to open whatever links are in email messages, even if they are legitimate. Even if link doesn't make use of your OS, or software (such as the browser) possible vulnerability, it can help the sender to track your email address and make sure it does accept email messages. Expect spam flow to grow after that.
In case you are urged to perform any action, check first that the message came from whoever claims to be its sender. If it is claimed the message comes from your bank, call your bank's office, make sure the email is legitimate and true. And so on.
Spam messages never address you by name. Why? because they don't have it. because they don't care. Remember: the sound of one's name is one of the best sounds. Every legitimate email sender, if addressing you personally, will always address you by name. It doesn't mean that every message where you are addressed by name is always legitimate, but if you are not addressed by name in seemingly personal message, be wary about its contents.
Teaching network security
Nowadays the network security is taught the hard way: people suffer from consequences of their lack of knowledge about security, and only after that the victims do start to take security seriously. At times, at least.
The only rule could defeat spam and whatever dangers it spreads: do never trust whatever you see in spam message, do never open them at all.
Have you ever opened a spam message? Why have you done that, if the answer is positive?