[varun_ch]

Microsoft is really bad with this. Login might be live.com or microsoftonline.com or maybe onmicrosoft.com. I went to report a vulnerability to their security portal this week and it redirected me to b2clogin.com.

OneDrive email attachments link to, I kid you not, 1drv.ms, or maybe it was 1drv.com…

Not to mention, they use .ms as if it’s their personal TLD, but obviously anyone can register a .ms domain. It’s like they want people to get phished.

[Retr0id]

Until this moment I assumed .ms was a Microsoft TLD, but indeed it is not https://en.wikipedia.org/wiki/.ms

[amiga386]

Handy tip: all two-letter TLDs are country code TLDs. Doesn't matter if they're trendy in website names (.nu, .cc, .io, .co, .it, .at, .cx, youtu.be and so on)

In fact, here we have the ma.tt website, where the ".tt" is Trinidad and Tobago. Is Matt Mullenweg from Trinidad? No!

[mayoff]

It's kind of crazy that the IRS (among other United States government agencies) uses ID.me for account management. The .me domain belongs to Montenegro.

[anon7000]

I think ID.me is a private company. So yeah, it’s especially fucking stupid that they use that in the first place. Any gov login should be required to go through a .gov tld. At least reverse proxy it or something!

[the_mitsuhiko]

Though not all country codes point to a country. See .eu, .ac .su as different examples of stuff that breaks the rules.

[mghackerlady]

the .su domain was made when the soviet union was still around, so that doesn't really break the rules. I would prefer for top level domains to be eternal for a great multitude of reasons

[SAI_Peregrinus]

The possible annoyance with eternal country-code TLDs would be the dissolution of one country, and the creation (or renaming) of another country resulting in an eventual exhaustion of two-letter country codes. Eternity is a rather long duration.

[toast0]

Before exhaustion, you're likely to have new countries where they have to have suboptimal two letter codes, because a dissolved country is squating on it.

[mghackerlady]

if we run out of 2 letter TLDs, move to 3 letter ones. it really wouldn't be that hard. Also, that's assuming our current system stays in place

[the_mitsuhiko]

> so that doesn't really break the rules

At the time it did not break the rules. It's breaking the rules now because by the original rules it should have been phased out. What makes it survive is a special arrangement.

[RGamma]

They also use .microsoft now (e.g. for the M365 admin portal).

[anon7000]

We’re talking about the company who owns npm, one of the most hacked package registries in recent history. Can’t say I’m shocked, but this is so bad