I have often wondered why we don’t see more usage of the brand gTLDs, which many of these big firms own. I muse that this is (part of) the reason why – there simply isn’t the understanding or recognition outside tech circles (or even within tech circles) to comprehend that it is possible to use such a gTLD without a conventional .com or similar suffix tacked on the end. I tend to see it localised to use for marketing micro sites that do not ask for credentials so have no need to establish user trust, or occasionally internal technical uses that will never touch the typical customer’s eyeballs.
The other reason I hypothesise is that corporate big brother snooping systems that have whitelists for their trusted services – with entries like mail.google.com or calendar.google.com – are simply too painful at this point for big tech to break for their customers by dropping the .com suffix, so big tech doesn’t bother.
I don't think you can put cookies on a TLD. So if Google used mail.google and calendar.google, the login system would be more complex, because they can't share cookies.
Yeah, it does make things more difficult in terms of teaching people a simple rule. Instead of "ends with @<company>.com", the rule is "ends with @<company>.com or .<company>".
OTOH, there were probably a lot of places already violating the "ends with @<company>.com" rule, e.g. by using subdomains, or even other domains. So very little of the online population was likely using the rule. And with email spoofing, even "ends with @<company>.com" can't be relied on to ensure the email is legit. So the rule of "don't click links in emails" is the only foolproof rule. Though you also need to add "don't copy and paste things from emails".
Yay for third-party email services that From: be a no-reply address from an entirely different company (and therefore only authenticity validation for that company), and a Reply-To: to some obscure mailbox from the supposed sender. I'm sure that makes perfect sense to most people.
> So the rule of "don't click links in emails" is the only foolproof rule.
The only truly foolproof rule is "don't open emails". Also helps a lot on mental health and associated expenditures!
greengreengrass|5 months ago
No hard data on any of that, though.
Thorrez|5 months ago
OTOH, there were probably a lot of places already violating the "ends with @<company>.com" rule, e.g. by using subdomains, or even other domains. So very little of the online population was likely using the rule. And with email spoofing, even "ends with @<company>.com" can't be relied on to ensure the email is legit. So the rule of "don't click links in emails" is the only foolproof rule. Though you also need to add "don't copy and paste things from emails".
arghwhat|5 months ago
> So the rule of "don't click links in emails" is the only foolproof rule.
The only truly foolproof rule is "don't open emails". Also helps a lot on mental health and associated expenditures!
r_lee|5 months ago
I could imagine something like x-mucrosoft.email etc. being used and the users would just be like well there was email.microsoft so same thing!
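
The cookie-scoping point raised in the thread, as an added example that is not code from any commenter: a simplified sketch of the RFC 6265 cookie storage rules showing why a `Domain` attribute equal to a bare TLD is refused. The two-entry suffix set is a constructed stand-in for the real Public Suffix List, and `acceptCookie` and `sentTo` are hypothetical helper names.

```javascript
// Constructed stand-in for the Public Suffix List (assumption: the real list is
// far larger; brand gTLDs such as "google" are listed on it like any other TLD).
const PUBLIC_SUFFIXES = new Set(["com", "google"]);

// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a Set-Cookie from originHost with the given Domain attribute
// is stored. Returns the cookie's scope, or null when the cookie is rejected.
function acceptCookie(originHost, domainAttr) {
  const origin = originHost.toLowerCase();
  // No Domain attribute: host-only cookie, never shared with sibling hosts.
  if (!domainAttr) return { domain: origin, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  if (PUBLIC_SUFFIXES.has(domain)) {
    // RFC 6265 section 5.3 step 5: a public-suffix Domain is only tolerated
    // when it equals the request host, and then the cookie becomes host-only.
    return domain === origin ? { domain: origin, hostOnly: true } : null;
  }
  // The setting host must itself fall inside the requested scope.
  if (!domainMatch(origin, domain)) return null;
  return { domain: domain, hostOnly: false };
}

// Would a stored cookie be attached to a request for requestHost?
function sentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Conventional layout: one cookie scoped to google.com reaches both services.
const shared = acceptCookie("mail.google.com", "google.com");
console.log(sentTo(shared, "calendar.google.com"));

// Brand-TLD layout: Domain=google is a public suffix, so the cookie is dropped.
console.log(acceptCookie("mail.google", "google"));

// Falling back to a host-only cookie keeps it on mail.google alone.
const hostOnly = acceptCookie("mail.google", undefined);
console.log(sentTo(hostOnly, "calendar.google"));
```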