HI, >> I've received a handful of messages that appear to be facebook >> notifications, but fail SPF. They otherwise look completely legit - >> links to profiles, only URLs to facebook.com and CDN caching sites, >> and even appears to have been routed through facebook's outgoing mail. >> >> All of that could be faked, but it would mean the payload is in the >> actual facebook profiles themselves. Has anyone else found this to be >> the case? >> >> http://pastebin.com/jE8G5LXJ >> >> Thanks, >> Alex > > I would say that because it passes DKIM with a signature from > facebookmail.com, it's likely legitimate and they just suck at SPF (wouldn't > be the first time a multi-billion dollar company can't get anti-forgery > right). The rDNS of cox.net seems odd for a CDN, but there's not really any > standard and I don't know offhand if that's the hostname format they use or > not.
Perhaps then it's worth evaluating KAM_FACEBOOKMAIL for stricter control on facebook alerts? Thanks, Alex
