Yahoo is sending email from no-reply@cc.yahoo-inc.com
I just received an Unexpected sign-in attempt email from yahoo. The from address is no-reply@cc.yahoo-inc.com. I was sure this was a phishing email. But this is the from address yahoo chooses to use for official account related emails. This seems like a really poor choice for people trying to determine if emails are from the actual company. Anyone have any thoughts or insight on this? Why not use no-reply@cc.yahoo.com or even no-reply@yahoo.com so it's more clear it's from Yahoo.
5 comments
[ 2.4 ms ] story [ 25.5 ms ] threadYou really need to read all of the Received: headers to see where the email transited (and, note, a phisher can insert fake Received: headers as well, so you have to be careful analyzing them to detect something amiss).
To answer your point though, it is unfortunately very common for organisations to use alternate domains for services you'd expect to have a high level of security.
For example many banks have their online banking portal on a completely separate domain. The main website might be "examplebank.tld", while the online banking portal is "examplebank-portal.tld".
Why they don't just use "portal.examplebank.tld" is a mystery...