header:
01: Return-Path: <apache [at] www.hatelecom.or.jp>
02: X-Flags: 0000
03: Delivered-To: GMX delivery to poor [at] spamvictim.tld
04: Received: (qmail invoked by alias); 25 Mar 2006 xx:xx:xx -0000
05: Received: from hatelecom.or.jp (EHLO www.hatelecom.or.jp) [211.125.75.145]
06: by mx0.gmx.net (mx034) with SMTP; 25 Mar 2006 xx:xx:xx +0100
07: Received: (from apache [at] localhost)
08: by www.hatelecom.or.jp (8.11.6/8.11.6) ID: [ID filtered]
09: Sun, 26 Mar 2006 xx:xx:xx +0900
10: Date: Sun, 26 Mar 2006 xx:xx:xx +0900
11: Message-ID: [ID filtered]
12: To: poor [at] spamvictim.tld
13: Subject: Revision Your Amazon.com Information
14: From: "Amazon.com" <update-account [at] amazon.com>
15: Reply-To: update-account [at] amazon.com
16: MIME-Version: 1.0
17: Content-Type: text/html
18: Content-Transfer-Encoding: 8bit
19: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
20: X-GMX-Antispam: 0 (Mail was not recognized as spam)
21: X-GMX-UID: [UID filtered]
22: X-PM-PLACEHOLDER: .
Dear Customer,

- Due to recent account takeovers and unauthorized listings, Amazon is requesting a new account verification procedure. From time to time, randomly selected accounts (seller and/or buyer)are placed under an advanced updating process based on merchant accounts/bank relationsand on-file credit cards. Amazon may also request in an email message scanned/faxed copies of one or more photo ID's. Your account confirmation may go wrong if your credit card/bank account has expired, or if you have changed/replaced your credit card without letting us know about the change.
* Your account is not suspended, but if in 36 hours after you receive this message your account is not confirmed we reserve the right to terminate your Amazon subscription.
* If you received this notice and you are not an authorized Amazon account holder, please be aware that it is in violation of Amazon policy to represent oneself as an Amazon user. Such action may also be in violation of local, national, and/or international law.
* Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft.
* Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

To confirm your identity with us click the link bellow:
* {ht*p://w*w.amazon.com/exec/obidos/sign-in.html }

We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.


Respectfully,
Amazon.com, Inc.

Copyright 2006 Amazon.com, Inc. All rights reserved.

Amazon sent this e-mail to you because your Notification Preferences indicate that you want to receive information about Special Events & Promotions. Amazon will request personal data (password, credit card/bank numbers) only on our home site, wich is securely incrypted with SLL.
"the link bellow" führt natürlich nicht zu Amazon sondern zu:
whois: [Link nur für registrierte Mitglieder sichtbar. ]/media/.login/mail/amazon/index.html

Man beachte die falsche Schreibung von "bellow", die immer wieder in den Phish-Mails zu sehen ist! Man könnte das fast zur Identifikation benutzen.

Ich werde das mal bei Amazon einwerfen.