I think the general guideline for dealing with emails from unknown sources is to move them into trash.

I have never opened any file (zip or otherwise) from sources purporting to be from people I know.

Another giveaway is to hover the mouse over any links in the email - this usually gives you the actual URL of the link, not what the email specifies.

Although it's technically possible to spoof the mouse-over URL, I have not seen this in spam emails yet.