Just to be clear, a change to our non-discardable domain is not going to be particularly painful. I and a few colleagues are "piloting" paypal-inc.com. We knew that some trial and error (and debate) was in order before rolling it out across the company.
But if we pick a domain that is entirely unrecognizable as being from "us", that might be a harder sell within the company than paypal-inc.com (especially since Yahoo already operates yahoo-inc and has for a long time).

-- Brett

On Sep 9, 2010, at 2:15 PM, Douglas Otis wrote:

> On 9/9/10 9:51 AM, McDowell, Brett wrote:
>> Mike, I appreciate all the comments you shared in your last response. I'm
>> replying to only one of them because I think this may be the consensus "best
>> practice" I was looking for.
>>
>> On Sep 9, 2010, at 12:36 PM, MH Michael Hammer (5304) wrote:
>>
>>> The general rule would be to use a different domain that is
>>> far enough from the transactional/brand domain that the risk of use for
>>> enduser phishing is mitigated.
>> Does everyone agree that this is the "best practice" for the use case
>> provided (ignoring I only gave you two namespace options)?
>>
> Brett,
>
> Until more comprehensive policy becomes available, yes.
>
> In general, using a cousin domain is a bad practice, where the term
> "far" has not been met by your current practice. It may have been
> better to have used something like your stock symbol instead. Such a
> change will be painful, and likely of little benefit, since users will
> have been exposed to spoofing to a point where they should be wary of
> cousin domains. Then again, there is always the next generation to
> consider, assuming they will still be using email.
>
> -Doug
> _______________________________________________
> dkim-ops mailing list
> [email protected]
> http://mipassoc.org/mailman/listinfo/dkim-ops
