Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's outgoing mail.
All of that could be faked, but it would mean the payload is in the actual facebook profiles themselves. Has anyone else found this to be the case? http://pastebin.com/jE8G5LXJ Thanks, Alex
