
Yahoo is sending email from no-reply@cc.yahoo-inc.com - saluki
I just received an Unexpected sign-in attempt email from yahoo. The from address is no-reply@cc.yahoo-inc.com. I was sure this was a phishing email. But this is the from address yahoo chooses to use for official account related emails. This seems like a really poor choice for people trying to determine if emails are from the actual company. Anyone have any thoughts or insight on this? Why not use no-reply@cc.yahoo.com or even no-reply@yahoo.com so it&#x27;s more clear it&#x27;s from Yahoo.
======
jamieweb
Try to check the SPF and DKIM against Yahoo's to help determine whether the
email is real or not.

To answer your point though, it is unfortunately very common for organisations
to use alternate domains for services you'd expect to have a high level of
security.

For example many banks have their online banking portal on a completely
separate domain. The main website might be "examplebank.tld", while the online
banking portal is "examplebank-portal.tld".

Why they don't just use "portal.examplebank.tld" is a mystery...

------
mtmail
Employees have @yahoo-inc.com email addresses so technically it's more trust-
worthy than coming from @yahoo.com. A random internet user could register
customerservice2018@yahoo.com, harder to impossible with yahoo-inc.com. The
differentiation started 20 years ago when Yahoo! launched their email service.
Yes, it's confusing. (Having a ! as part of your branding is also confusing).

~~~
saluki
Hey, now that makes sense, I'd rather see inc.yahoo.com or official.yahoo.com
but this makes sense. I'd never noticed/ran across it.

------
pwg
If you are only looking at the email From: header value, that is trivial for a
phisher to fake.

You really need to read all of the Received: headers to see where the email
transited (and, note, a phisher can insert fake Received: headers as well, so
you have to be careful analyzing them to detect something amiss).

------
Rjevski
I would trust a random phisher way more than the real Yahoo.

