The first thing to know is that if someone knows your IP and tries to spoof it, they cannot receive any responses since the response would be sent to your IP. So logging into a website with a spoofed IP is generally not possible.
Also worth knowing is that any ISPs now are able to prevent IP spoofing by filtering out requests originating from their network which come from IP addresses not part of their network.
The spoofer project has a lot of useful information on the subject, including ISPs from which you can and cannot spoof.
