Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.

“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.

  • palordrolap@fedia.io
    link
    fedilink
    arrow-up
    9
    ·
    22 days ago

    There ought to be no limitation with, say, email.facebook.com. Sure, have the domain facebookemail to prevent bad actors grabbing it, but only use it as a redirection.

    I don’t think there’s mail server software in existence that would choke on a subdomain like that. There might be a few mail admins too easily confused to be able to set it up, but I doubt there are any of those at Facebook.

    That said, most people aren’t going know that a subdomain is safer than a legitimate looking alternative, so maybe it’s all moot.

    Tangentially, it seems that someone has squatted on facebook-email.com (note the hyphen), so I expect that Zuck’s lawyers are crawling all over whoever’s done that.

    • FourPacketsOfPeanuts@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      21 days ago

      I’m not up to speed on exactly how spam filters blacklist domains but I strongly suspect if Gmail thought spam was coming from email.facebook.com then it would restrict facebook.com too. That’s the only reason I can think of for creating such a clunky domain; it’s that a neater looking sub domain won’t avoid the problem - hence having to register something completely different.

      • palordrolap@fedia.io
        link
        fedilink
        arrow-up
        1
        ·
        21 days ago

        That sounds like a preference that would be added by whoever configured the server rather than anything else. I’ve definitely seen situations where a third-level domain has been under the control of (or sold to) a third party and so it wouldn’t make sense to block the second-level, or other third-levels branched off from it if only one third-level misbehaved. Edit: And I don’t just mean countries that treat second-level as top-level for some uses, like, say .co.uk.

        I have no idea what the defaults are for various automatic spam blockers, since both arguments have merit.