Most experts agree that adding an email address or domain to the global Trusted Senders is not good practice. It's an open door -- anyone can spoof the address or domain.
So I suggest qualifying Trusted Senders with SPF or DKIM so that if the name matches AND it passes the test (sent from correct IP, etc.) then let the message through.
Example: add facebookmail.com to Trusted Senders and if it passes SPF and/or DKIM, bypass Greylisting and SpamAssassin. Greylisting delays delivery and SA eats up CPU and could send it to Junk folder. Maybe there's a way to do this already? Like if spam score < 0, don't run SA?