I wouldn't rely on this. Yes "contact.ba.com and contact.britishairways.com are valid British Airways subdomains", but the statement "If you have emails from those addresses they will be from BA" is false. It is trivially easy to forge a From address on an email. It has all the security of the sender address on a physical letter. On the other hand if they know your personal details, that itself is a very good sign that the communications are genuine.

Best advice: use a password manager (I used 1Password - no affiliation). It syncs between devices, your password will be individual per web site (so if one web site is compromised, people won't be able to use your password on other web sites - trying randomly with the same email address), and moreover as it enters the password for you, it substantially reduces the likelihood of you mistakenly entering your password on something that looks like the BA web site but isn't.