Facebook is sending me security notifications using @facebookmail.com, while one of the biggest normalization organizations of my country uses a @promotions-{realdomain}.org...
Why are they doing this?
On the web we are being taught that (rare DNS spoofing aside) we can trust the domain name. Is that not the case on the email side?
There seem to be some origin authentication protocols like SPF, DKIM and DMARC.
Why do they look not widely used, especially in huge companies like Facebook?