alt Hacker NewsWho even can be sure microsoftonline.com is legit. Microsoft's domain story is such a mess, I wouldn't be surprised if not even internally they have one complete list of all the domain assets they own.
But they are not alone. It is kind of ironic when companies insist that we check the domain to spot spam but are unable publish a list with all domains they officially use to send mail.
Replies
Not only that, but they wrap the links in their email with click tracking provided by domains that have nothing to do with them (Mailgun or whatever). So even if you try to introspect the links you're clicking, they seem to go to a scammy domain even if they're legit!
Bluesky is even worse, some of their emails come from "[email protected]".
They have to make posts to assure people it's not a scam, especially as they'll ask you to mail ID etc to that address:
Remember those indian microsoft support centers and that strange correlation of you being called by a indian microsoft scammer the next day after you called there. Not implying causation.. just..
> Who even can be sure microsoftonline.com is legit.
Yeah. I queried the 1st thing that came to mind and internalmicrosoft.com and microsoftinternal.com are available. With that much potential out there, I'd want to keep my official domain group tight.
Seems like it would make sense to only use subdomains of microsoft.com?
> unable publish a list with all domains they officially use to send mail
That's because people report them as spam, so they hop domains to avoid that.
https://github.com/HotCakeX/MicrosoftDomains
...and microsoftonline.com is not among them (unlike microsoftonline.net and other variants). But it seems to have been registered in 2002, and the record looks legit:
I got used to that one, but the other day I was checking Outlook in the web browser and I ended up on outlook.cloud.microsoft, I couldn't believe my eyes.
Such a list will never exist in an organisation of this size, with the amount of delegated management and operations required for these functions. In fact, it’s unlikely such a list is even _allowed_ to exist given the sensitive nature of some areas of the business, being a publicly traded company which works directly with regulated entities and governments.
It’d be interesting to hear a senior old-timer from MS to weigh in on their blog about this, and similar/adjacent problems that arise from working across such a colossal entity.
It’s a wonder they ever release anything new, if I’m being completely honest. The amount of governance, hoops, process and procedure across every aspect of their business must be staggering.
“So Microsoft’s domain story is a total mess?”
“Always has been.”
https://www.techmonitor.ai/technology/microsoft_forget_to_re...
This was a common issue when I consulted with bankruptcy lawyers and had to figure out what domain assets the company had. Commonly the representatives only knew about some of the domains and we found at least a few more.
Same with third party services, sometimes they used one for something for a while and collected customer or user data there and then stopped but kept paying for it, and forgot they had it. We typically found these through analysis of their accounting.
> Who even can be sure microsoftonline.com is legit
Spam filters.
Tangent: I used to receive at least a dozen bank scam calls per day in India, especially during insurance renewal. I wanted the banks to publish official phone numbers and mandate their employees to use only official numbers.
Recently the regulatory bodies did just that and so the banks should only use 1600 numbers to contact their customers. My bank scam calls have dropped to 0.