
> If I try to spoof my email to make it look like I'm sending it from @facebook.com, your webmail provider will tell you this email might be fraudulent (and likely place it straight in the spam folder)

I'm looking at the headers of an automated message sent by Facebook (so-and-so shared a post), received by Gmail:

Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) XXX@facebookmail.com; spf=fail (google.com: domain of XXX@facebookmail.com does not designate ### as permitted sender)

This suggests to me DKIM and SPF are not weighted heavily to determine the legitimacy of a message from Facebook (or "Facebook") and filtering would be based more on the body of the message, as it often is, including the URL you specify. I don't see how Facebook email is less secure than email in general; email in general is not secure.




This is a special case which passes dkim, spf and dmarc.
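For readers who want to check such headers themselves, here is an added example (not part of the thread) that parses an Authentication-Results value like the one quoted above and separates the dkim/spf failure case from the dkim, spf and dmarc pass case mentioned in the reply. The sample header is constructed, and the `verdict` labels and the `trusted_authserv` default are assumptions of this sketch, not a description of how Gmail filters mail.

```python
import re

# Constructed sample modelled on the header quoted above; the mailbox and the
# IP (192.0.2.10, a documentation address) are placeholders, not real values.
SAMPLE = (
    "mx.google.com; dkim=neutral (body hash did not verify) "
    "header.i=@facebookmail.com; spf=fail (google.com: domain of "
    "user@facebookmail.com does not designate 192.0.2.10 as permitted sender) "
    "smtp.mailfrom=user@facebookmail.com"
)

def strip_comments(value):
    """Drop (comments), innermost first, so a ';' inside one cannot split a result."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def parse_authres(value):
    """Return (authserv_id, {method: [{"result": ..., property: value}, ...]})."""
    parts = [p.strip() for p in strip_comments(value).split(";")]
    authserv_id = (parts[0].split() or [""])[0].lower()
    methods = {}
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue  # e.g. a bare "none": no authentication was attempted
        method, result = tokens[0].lower().split("=", 1)
        entry = {"result": result}
        entry.update(t.split("=", 1) for t in tokens[1:] if "=" in t)
        methods.setdefault(method, []).append(entry)  # several DKIM signatures are common
    return authserv_id, methods

def verdict(value, trusted_authserv="mx.google.com"):
    """Hypothetical triage policy over a header stamped by our own receiving server."""
    authserv_id, methods = parse_authres(value)
    if authserv_id != trusted_authserv:
        return "untrusted-header"  # anyone can put this header in a message they send
    passed = {m for m, es in methods.items() if any(e["result"] == "pass" for e in es)}
    if "dmarc" in passed:
        return "authenticated"  # SPF or DKIM passed and aligned with the From: domain
    if passed & {"dkim", "spf"}:
        return "partially-authenticated"  # passed, but not tied to the visible From:
    return "unauthenticated"

if __name__ == "__main__":
    print(verdict(SAMPLE))
```

Only the Authentication-Results header added by your own receiving server should be fed to `verdict`; copies further down the header block may have been supplied by the sender.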



