I recall receiving an email from company X, warning me to not trust emails that said they were from X but didn't come from X.com. But the warning email itself did not come from X.com! They broke their own rules in the warning email.

It's been a while, so I cannot name and shame X...