| ▲ | InsideOutSanta 5 days ago | ||||||||||||||||||||||||||||
This exactly. It's actually wild how much valid emails can look like phishing emails, and how confusing it is that companies use different domains for critical things. One example that always annoys me is that the website listing all of Proton's apps isn't at an address you'd expect, like apps.proton.me. It's at protonapps.com. Just... why? Why would you train your users to download apps from domains other than your primary one? It also annoys me when people see this happening and point out how the person who fell for the attack missed some obvious detail they would have noticed. That's completely irrelevant, because everyone is stupid sometimes. Everyone can be stressed out and make bad decisions. It's always a good idea to make it harder to make bad decisions. | |||||||||||||||||||||||||||||
| ▲ | OkayPhysicist 4 days ago | parent [-] | ||||||||||||||||||||||||||||
I can answer why this is at the company I work at right now: It's a PITA to coordinate between teams, and my team doesn't control the main domain. If I wanted my team's application to run on the parent domain, I would have to negotiate with the crayon eaters in IT to make a subdomain, point it at whatever server, and then if I want any other changes to be made, I'd have to schedule a followup meeting, which will generate more meetings, etc. If I want to make any changes to the mycompany.othertld domain, I can just do it, with no approval from anyone. | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||