2

I've been going through a hassle with a big mobile company about whether I should click on a link in an email that I think is from them. The email and the link inside are not obviously from the company, as the domains do not match up to the provider's domain, or alternate domains. It seems through discussion on the company forum that it's not clear that this email is legit. This has been a confusing situation.

Should large companies have a security standards page, wherein they list all legit emails and domains that belong to or are associated with them? For someone like me who checks the sender email and the domain of the links within it, I want to know who they are. If the company listed them on their website I would feel instantly safe. But instead I've wasted hours trying to resolve this situation without an answer yet.

My question - does such a scheme exist to list legit emails/domains on company websites? If not, why? If so, where?

firefox
  • Two things: 1) Companies do whatever gets them the best bang for the buck. They wouldn't do this unless a lot of people adopted this sort of check into their workflow. That's why the green lock icons for HTTPS got removed from browsers - people didn't use it. 2) People go fast and it's easy to fool them. For example, stackoverflow.com vs stackoverfiow.com. See the difference? All it takes is someone parking on a look-alike domain to subvert a list like this. The list only shows the bad guy what exactly to target. That said, I do hate link shorteners in email and 3rd party email services. – Fire Quacker Aug 17 '20 at 21:01
  • The email from-address can be anything, it's totally easy to spoof. You can never be sure. – Marcel Aug 18 '20 at 07:28

1 Answer

1

Opinion: They SHOULD use their own domain both as the from-address in mails as well as for any links in any communication.

It's only for their benefit. This will help mitigate password stealing for their users, avoiding bad press in the long run.

Marcel
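The check discussed in this thread (compare a link's host against a company's published domain list, and catch near-misses such as stackoverfiow.com) can be done mechanically instead of by eye. This is an added example, not part of any post above; the `PUBLISHED` list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for a company's published domain list.
PUBLISHED = {"stackoverflow.com", "stackexchange.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_link(url: str, allowed=PUBLISHED, max_dist: int = 2):
    """Return (verdict, listed_domain) for the host part of a URL.

    verdict is 'listed' (exact domain or a subdomain of it),
    'lookalike' (close to, or embedding, a listed domain) or 'unknown'.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("unknown", None)
    domains = sorted(allowed)
    for d in domains:
        # Exact string match on label boundaries; visual similarity is irrelevant.
        if host == d or host.endswith("." + d):
            return ("listed", d)
    labels = host.split(".")
    for d in domains:
        # A listed name used as the leading labels of some other domain.
        if host.startswith(d + "."):
            return ("lookalike", d)
        # Any trailing part of the host that is a few edits from a listed name.
        for i in range(len(labels) - 1):
            if edit_distance(".".join(labels[i:]), d) <= max_dist:
                return ("lookalike", d)
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://stackoverflow.com/questions",
              "https://stackoverfiow.com/login",
              "https://example.org/"):
        print(u, classify_link(u))
```

A "listed" verdict only says the link points at a published domain; as noted in the comments, the from-address itself proves nothing, so this check applies to link targets rather than to the sender field.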