Once upon a time, if you got a phishing email from a spoofed address, you could forward it to spoof@[spoofed.domain.name] and it would almost always go to that company's fraud division or internet tough guys. Usually when I sent it to a bank (generally not my bank, but how would the phishers know?) I'd get a back a lengthy message saying, "NO, NO! That email didn't come from us. Don't share your info with them! If you did, call this number right now!" Which I always thought was pretty crazy, since you imagine people who believed the message wouldn't be sending it to Mr. Spoof.
Nowadays, it seems that Mr. Spoof has died. Or been laid off, or something. The past few times I've tried it, the email address doesn't work. Have we just gotten to the point where no one cares? 'Everyone knows' that phishers are out there, so everybody's on their own? The bank doesn't care that a replica of their website is hosted in Krplokistan?