Why would PayPal send messages from another domain (“epl.paypal-communication”)?
I have just received a message asking to consent to PayPal policy updates from the domain:
https://epl.paypal-communication.com
The actual link is full of trackers. Given the domain name, it sounds like a routine email spoof. Also, visiting the domain, you receive a "503 Service Unavailable" message.
After some investigations, including whois, the weird domain seems really linked to PayPal.com. That being the case:
Why should a company (and in particular a company dealing with payments) send messages from another domain like “epl.paypal-communication”? Why add countless trackers if you can already recognize users from logon?
Should the practice of sending messages from somecompany.com using anothercompany.com become established, it will be virtually impossible for us users telling if a website is legit or a scam.
Should the practice of sending messages from somecompany.com using anothercompany.com become established, it will be virtually impossible for us users telling if a website is legit or a scam.
Unfortunately, this practice is already established - and yes, it makes it very hard to tell legitimate communications from spam. Companies use partners and third parties to handle their email all the time. Why should a company (and in particular a company dealing with payments) send messages from another domain like “epl.paypal-communication”? This is because companies outsource non-core functions like marketing to third parties for economic reasons.
Why add countless trackers if you can already recognize users from logon? Trackers can provide a lot more psychographic information than logon can, and that information is valuable to marketing departments.