I received an email today that appeared as though it was from Facebook. Before I opened it, I noticed some issues that made me ask myself if this email is really from Facebook.


How can you tell if an email is really from Facebook?

First, before I even opened the email, I looked at what email address it came from.

Previous emails from Facebook haven’t used that email address before, so that was my first red flag, and really enough to justify reporting it as spam.
Facebook Email Address

Since I’m more familiar with what to look for to verify an email’s authenticity, I went ahead and opened the email. When I did, I immediately saw the second red flag. It shows the email was sent from a MailChimp account.
Facebook Email Scam

Facebook would never use MailChimp to send emails.

Before you start opening emails that you aren’t sure about, please remember this. When you open an email that was sent from MailChimp, Constant Contact or another email marketing service, it will notify the sender that you opened the email. The sender could then sell your email address to other people who could then spam you. This isn’t always the case, but when you receive an email that’s not actually from who it says it’s from…

I also noticed that the body of the email was duplicated (view a PDF of the actual email). Facebook doesn’t make these mistakes.

Finally, I viewed the email header code so I could find out who is using the IP address it came from. The result, a company called Rocket Science Group, LLC, who owns MailChimp (view the report). What does that tell me? It proves again that it wasn’t from Facebook, because Facebook is listed as the owners of their IP addresses (view their report).

I reported this email as spam. Why?

When you report an email that was sent from an email marketing company as spam, they take it seriously. If they receive enough reports, they will shut down the account that’s sending the spam and the owners cannot access any of the information that was in it. That means they can’t see who opened the emails they sent, so they can’t prove that your email address is live if they try to sell it to someone else.

If you report an email that wasn’t sent from an email marketing company as spam, Google, Microsoft, Yahoo, Apple or any other company you use for emails, will blacklist the IP address that sent the email. That means the company or person who sent the spam email will not be able to send anymore emails from their location.