We've trapped a couple of mails from gmail containing malware. Malware in the form of an attachment called "Payment.rar", "document.rar" or "INVOICES.rar"; within that file is a windows ".scr" or ".exe" executable.

The text is like this (sic):

Dear Sir/Ma
Please check attachment for the confirmation of the part payment into your account. Thanks for your patient and we sincerely apologize for the delay. Please find swift message for the payment made via attachment and confirm back.
--
Thanks & Regard,
Rohitashwa K. Mishra,
Senior Journalist,
Dainik Bhaskar Group.

Or perhaps like this, received from mail-vc0-f194.google.com [209.85.220.194] on Tue, 29 Oct 2013 06:12:01 (sic):

Dear sir ,
Regarding to the previous order i made in your company , the goods shipped
to me are not exactly what i purchased, the attachments are the slip of
the payment i made and sample of the products i need if you have them give
me feedback and the new account so that i`ll make the next payment as you
told me .
thanks.

As most Sky mail customers will be only too aware of by now; Sky are trransferring their service from Gmail to Yahoo!

So far the change, which started on the 4th April, has not exactly gone smoothly.

One legacy from the Gmail service is the SPF record for sky.com:

"v=spf1 ip4:87.86.189.0/25 include:aspmx.googlemail.com a:im3.sky.com mx:sky.com include:sendgrid.net ~all"

Our customers may experience delays on mail from non-whitelisted @sky.com addresses as a result.

Sky.com mail users must now take additional precautions to secure their account.

Being an Android owner I have a Gmail account. Checking my spambox the other day I found this message:

Dear Google Wallet user,

To ensure that you're able to access all of the Google Wallet services and features available in your area, we need you to confirm your home address where you reside. Please visit your Google Wallet account settings page and update your information to ensure continued access to all the features of your Google Wallet account.

For more information, please visit our Help Centre: http://support.google.com/wallet/bin/answer.py?answer=2560589

Sincerely, The Google Wallet Team

You have received this mandatory email service announcement to update you about important changes to your Google Wallet account. Please do not reply to this email. Mail sent to this address cannot be answered.

On the face of it a simple phish - Google's filter obviously thaught so, but it is in fact a genuine e-mail sent by Google thenselves. Their own SPF and DKIM tests resulted in a pass, as revealed in the headers. The link is to https://wallet.google.com, so that is also genuine. So if you receive spam, be sure to go through it, you never know what you might find!