Phishing attack on this homepage as an example
On 31.10.2009 I received the mail shown below. The mail was so excellently crafted that it was recognized neither as SPAM nor as phishing.
(I have obscured my homepage address below with XYZ)
First, the header data of this mail:
From - Sat Oct 31 18:40:51 2009
X-Account-Key: account6
X-UIDL: UID52-1239349698
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <3_D7rSgcKBHEcdgTeanVddVaT.RdbXcUdTVeTad.Rdb@phishing.bounces.google.com>
Envelope-to: info@XYZ.com
Delivery-date: Fri, 30 Oct 2009 20:31:09 +0100
Received: from mail-px0-f221.google.com ([209.85.216.221])
(forged sender)
by server16.cyon.ch with esmtp (Exim 4.69)
(envelope-from <3_D7rSgcKBHEcdgTeanVddVaT.RdbXcUdTVeTad.Rdb@phishing.bounces.google.com>)
id 1N3xBe-000339-Lh
for info@XYZ.com; Fri, 30 Oct 2009 20:31:09 +0100
Received: by pxi18 with SMTP id 18so839085pxi.2
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=beta;
h=domainkey-signature:mime-version:auto-submitted:received:message-id
:date:subject:from:to:content-type;
bh=xNdyIcn9o0BOBh2hjdrQsoyopaCJwi296tZaI1EXlMA=;
b=aQVeFhrMwPPlrEFCJSWpQWe130WqK7U+r7ZHtH0yugXhMcZ+yPWynK8ErB10Wh2+2F
0KIMA/kEwMjhFW+21YUw==
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=google.com; s=beta;
h=mime-version:auto-submitted:message-id:date:subject:from:to
:content-type;
b=dBsYH8aZw80Nn+TDRtw/vN0831jeMDIjLJpLwvaAxezfxH1J7kpdYYigDB80GVp0mT
79o3nL2YwB5MS+1JaDvw==
MIME-Version: 1.0
Auto-Submitted: auto-generated
Received: by 10.143.21.35 with SMTP
(unregistered IP address) id
y35mr261733wfi.24.1256931068953;
Fri, 30 Oct 2009 12:31:08 -0700 (PDT)
Message-ID: <00504502cb1edf49a404772c1133@google.com>
Date: Fri, 30 Oct 2009 19:31:08 +0000
Subject: Phishing notification regarding XYZ.com
From: noreply@google.com
To: abuse@XYZ.com, admin@XYZ.com, administrator@XYZ.com,
contact@XYZ.com, info@XYZ.com, postmaster@XYZ.com,
support@XYZ.com, webmaster@XYZ.com
(8 e-mail addresses fired off blindly, to be sure of at least one hit. And it worked.)
Content-Type: multipart/alternative; boundary=00504502cb1edf499204772c1130
X-Spam-Status: No, score=1.8
X-Spam-Score: 18
X-Spam-Bar: +
X-Spam-Flag: NO
--00504502cb1edf499204772c1130
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
Dear site owner or webmaster of XYZ.com,
We recently discovered that some pages on your site look like a probable phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have begun showing a warning page to users who visit this site in certain browsers that receive anti-phishing data from Google, as well as users redirected to this site from various Google properties.
Below are one or more example URLs on your site which appear to be part of a phishing attack:
http://www.XYZ.com/~atajachc/fr/login/active/compte/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//www.XYZ.com/~atajachc/fr/login/active/compte/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.
Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
http://sb.google.com/safebrowsing/report_error/
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.
Sincerely,
Google Search Quality Team (complete forgery)
In doing so, the sender made 2 mistakes:
1. The recipient was not clearly defined.
2. Unknown IP address of the very first sender
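The two signals above can be checked mechanically. The following Python script is an added example, not code from the original post; it parses a constructed header excerpt modelled on the mail quoted above (XYZ as in the post, Return-path local part shortened) and flags a non-public originating hop and a blind scatter of generic role addresses.

```python
import re
import ipaddress
from email import message_from_string

# Constructed excerpt modelled on the headers quoted in the post; Return-path shortened.
SAMPLE = """\
Return-path: <bounce@phishing.bounces.google.com>
Received: from mail-px0-f221.google.com ([209.85.216.221])
    by server16.cyon.ch with esmtp (Exim 4.69)
    for info@XYZ.com; Fri, 30 Oct 2009 20:31:09 +0100
Received: by 10.143.21.35 with SMTP id y35mr261733wfi.24.1256931068953;
    Fri, 30 Oct 2009 12:31:08 -0700 (PDT)
From: noreply@google.com
To: abuse@XYZ.com, admin@XYZ.com, administrator@XYZ.com,
    contact@XYZ.com, info@XYZ.com, postmaster@XYZ.com,
    support@XYZ.com, webmaster@XYZ.com
Subject: Phishing notification regarding XYZ.com

(body omitted)
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Generic role mailboxes that a blind "shotgun" mailing tends to target.
ROLE_ACCOUNTS = {"abuse", "admin", "administrator", "contact", "info",
                 "postmaster", "support", "webmaster"}

def received_ips(raw):
    """First IPv4 address of each Received header, newest hop first."""
    hdrs = message_from_string(raw).get_all("Received", [])
    return [m.group(1) for m in map(IPV4_RE.search, hdrs) if m]

def originating_ip(raw):
    """The bottom-most Received header was added first, so it names the origin."""
    ips = received_ips(raw)
    return ips[-1] if ips else None

def recipients(raw):
    to = message_from_string(raw).get("To", "").replace("\n", " ")
    return [a.strip() for a in to.split(",") if a.strip()]

def triage(raw):
    """Report the two signals the post calls out."""
    findings = []
    ip = originating_ip(raw)
    if ip and not ipaddress.ip_address(ip).is_global:
        findings.append(f"originating hop {ip} is not a public address")
    rcpts = recipients(raw)
    if len(rcpts) >= 4 and {r.split("@")[0].lower() for r in rcpts} <= ROLE_ACCOUNTS:
        findings.append(f"{len(rcpts)} generic role addresses in To:")
    return findings
```

On the sample, `triage(SAMPLE)` reports both signals: the 10.143.21.35 origin is a private address and all eight recipients are role accounts.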
What would have happened if I had followed these links?
Then I would surely have been asked to enter the password for my homepage. This would have taken place on a page that looked thoroughly professional. And I could then have said goodbye to this site for a while.....