Thanks for your reply.
I do see it as a security concern at the moment, but maybe you can help me to understand.
With Facebook and Google, they never send emails from your domain without permission (e.g. [email protected]). They always send it from their own secure server.
The issue I see with WordPress is that it can “pretend” to be any email address on your domain (e.g. [email protected]) – having the ability to do this is what I see as a concern.