Welcome to WebmasterWorld Guest from 18.104.22.168
Two possibilities are that some phishers have spoofed your domain names as the "Reply-to" address or link-text domain in their phishing e-mails, or perhaps your forms have been hacked. Depending on which of these occurred, you'll either want to contact MS's browser security team to inquire about getting off the blacklist, or perhaps contact your host or a security consultant for help cleaning up the forms on your server.
AFAIK, the #1 signal for a phishing site is that the domain shown in the link-text does not match the domain in the <href> http: or mailto: link itself. So be sure that your links and/or e-mail addresses match the link-text if you use that format either on your sites or in promotional e-mails.
Also, make sure you're not linking to your own sites using IP addresses and/or non-canonical domains names instead of the canonical domain names.
My logic is, phishing is an email scheme. Your forms are the point of entry.
Server logs seldom tell the whole story on this. Any form processor should log user input data, and do so in a private location. If you get one of those "cool site!" spams every now and then, it's entirely possible they are using email injection to inject a BCC into the mail headers.
You get one email. AOL gets a thousand. This is significant.