Is [email protected] legitimate?

  • I'm having a hard time figuring out whether this email a friend of mine got is legit or a scam. The weird thing is there's only one link to, which is the one about facebook terms. All the others are linking to with a very long funny characters to follow. Another thing that raised suspicion was a particular grammar error and one link in Spanish. I tried searching online but all I got was opinions that are hardly believable.

    What should I do to check whether it's legitimate or not?


    Example link:


    Amusingly, if you go to you get redirected to an advertisers site:

    @D3C4FF The domain was registered by Facebook through an affiliate brand protection company. Makes some sense that it'd redirect.

    Renan if you want to check the URL I have a couple of suggestions (sorry i couldn't add this reply to the answer above, not enough rep)

  • Looks like the source domain is legit to me. Here's the whois result for the domain:

        Domain Administrator
        Facebook, Inc.
        1601 Willow Road 
         Menlo Park CA 94025
        [email protected] +1.6505434800 Fax: +1.6505434800
    Domain Name:
        Registrar Name:
        Registrar Whois:
        Registrar Homepage:
    Administrative Contact:
        Domain Administrator
        Facebook, Inc.
        1601 Willow Road 
         Menlo Park CA 94025
        [email protected] +1.6505434800 Fax: +1.6505434800
    Technical Contact, Zone Contact:
        Domain Administrator
        Facebook, Inc.
        1601 Willow Road 
         Menlo Park CA 94025
        [email protected] +1.6505434800 Fax: +1.6505434800
    Created on..............: 2006-01-23.
    Expires on..............: 2018-01-23.
    Record last updated on..: 2012-09-28.
    Domain servers in listed order:

    However, this doesn't mean the email is real. It could've had its source address spoofed. Check the headers on the email to see if the source SMTP server is legitimate, and if the return address is valid. You can also contact Facebook's security team to inquire about the potential phishing attempt, and provide them with the embedded links - they might represent an XSS or other attack on Facebook itself.

    I'll have to contact him to have the SMTP source checked. I'll get back to you tomorrow.

  • Sounds strongly like it is a phishing attempt. The best bet is always to contact the party the e-mail claims to be and forward them the message. They can confirm or deny if it is a fake and it is good to let them know about the fakes that are going on out in the wild.

    Update: Facebook does send legit e-mails from this domain, but there are also a LOT of phishing attempts that also pretend to be from this domain. From what I've been reading, it looks like the links should be to if it is legit. If you can mention what some of the actual hyperlink target's are of the e-mail we might be able to be of more assistance.

    Also, contacting Facebook is still going to be the most authoritative answer you can get.

    The original post was updated with an example link.

    Ok, this appears to be valid to me. It appears that the website is run by a marketing company responsible for e-mail advertisements for Facebook. The link appears to be a click-tracker that redirects to No guarantee if all the links are valid though as the misspelling is a big red flag.

    Yeah! And I've just found another bizarre mispelling. Is it possible to enter the link somewhere that could check it's safety?

  • You asked if legitimate?

    I performed some quick online IP reputations scans check from notable online vendors and here is the response. Quick snapshots.

    Total tests performed 3
    Test passed 3

    enter image description here

    1. enter image description here


    enter image description here


    Its most certain that infact an spam relay / server was used to sent this email; you can look at the header and see where the email originated from. From there you can do the reverse dns lookup to see if the tests passed. If its spam' its gonna fail in the results.


    There is debate on a similar phishing attack analysis done by someone on the internet. Just like in your case, someone too has been alerted on the use of specific language native / local to his context or use. E.g Malastname1 comments.

    Reverse dns lookup test

    "Its most certain that infact an spam relay / server was used to sent this email" - I disagree. It could simply be a legit email from Facebook, with a broken template or data glitch causing the Spanish text in the link. After all, Facebook's email templates and features are written by people, and people make mistakes.

    @Polynomial I won't comment on this without have complete information, we are still awaiting for complete email header? Till then I like to keep all of my options open...

  • Can you provide some redacted headers? It's always possible to fake the source address.

    If there were links the email itself, check that those are actually on the domain. I would be more concerned about the content and were it wants you to go then where it came from if you are worried about the legitimacy.

    Usually if Facebook wants you to perform some action, it will be there when you log in via notification, if the actual link or message does not instruct you to visit that would be suspicious, because why would Facebook tell you to go directly to someone else's site? Even if they wanted you to visit a partner site, they would probably redirect you through a tracking link on

  • I'm not meaning to be nonconstructive - as I hate people that question the question rather than simply providing the answer - but is it necessary to click on the link if there is any doubt? I imagine perhaps a safer solution would be to log into facebook in a typical manner and navigate to whatever page is outlined in the email rather than directly linking to it.

    Better safe than sorry.

    But specifically on the validity of the domain, sorry I'm not sure, but it seems others have answered that better than I anyway.

  • if you get a reseller account, you can always manage your whois information. I did check Domain Whois as olynomial did. But again, if you have a reseller account, you can make your whois information anyone anywhere you like weather it is legitimate or not.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM