Hacker News new | ask | show | jobs
by mariusc23 3581 days ago
I received an email from @dropboxmail.com about this. I figured it was a phishing attempt... I guess not.
2 comments
Spiritus 3580 days ago
Why aren't they using dropbox.com instead of the suspicious looking dropboxmail.com?
link
inertial 3580 days ago
One reason could be to not let spam reports on dropboxmail.com affect the primary domain's reputation (which is also used for corporate communication). If for any reason, the reputation of dropboxmail.com is compromised, they can move on to dropboxmail-1.com etc.
link
wodenokoto 3580 days ago
Facebook does/did the same. Must be some reason for it.
link
eriknstr 3580 days ago
I began investigating DNS records to determine if there was some way there to conclusively ascertain that dropboxmail.com was legitimately owned by Dropbox. I could not find a way to determine this through DNS.

Next, I went to dropboxmail.com in my web browser, which redirected me to a page on dropbox.com [0] assuring me that dropboxmail.com was owned by dropbox.com.

[0]: https://www.dropbox.com/en/help/217

link
jamesdwilson 3577 days ago
The redirection is not a valid way to test ownership as an attacker can easily redirect.
link