Information Security Asked on November 14, 2021
I have just received a message asking to consent to PayPal policy updates from the domain:
https://epl.paypal-communication.com
The actual link is full of trackers. Given the domain name, it sounds like a routinely email spoof. Also, visiting the domain, you are welcomed by a “503 Service Unavailable” message.
After some investigations, including whois
, the weird domain seems really linked to PayPal.com. That being the case:
Why should a company (and in particular a company dealing with payments) send messages from another domain?
Why add countless trackers if you can already recognise users from logon?
Should the practice of sending messages from somecompany.com
using anothercompany.com
become established, it will be virtually impossible to us users telling if a website is legit or a scam.
I am going to add my two cents to this.
Those of you who have received said email that has a hyperlink "epl.paypal-communication.com/xxxxxx" have any of you ever clicked on the link and allowed it pass your AV/browser extensions blocks?
As after analyzing the email header, I also have deemed that these emails are being sent through some sort of "affiliate" of PayPal.
Allowing the link to progress does resolve to a legitimate page at PayPal.com, it does not take you to a spam/phishing website.
I am attaching an analysis from said header of the email thats has the embedded link that contains the domain epl.paypal-communications.com
https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=ef39fbf8-320c-4817-94b4-ca92caea1610
That PayPal seem to not want to assist those of us who have contacted them regards this and that we have shown we have all the tools that show us that there does seem to be some affiliation between PayPal and this domain, that the responses from support totally disregard this volume of information, I for one deem that something fishy is going on with PayPal and how they do not want to share this affliation they have with said domain.
Am unsure (I only became a member after becoming frustrated with not finding a definitive answer to this issue) if I can attach the link from the email, but here it is below.
https://epl.paypal-communication.com/T/v40000017178e33c1f8f07c66e96c660f0/d75240de57f64a790000021ef3a0bcc4/d75240de-57f6-4a79-bbc5-dba60daba60e?dU=v0G4RBKTXg2GtDSXU69hUjn5RqR7EEyYkx https://epl.paypal-communication.com/T/v40000017178e33c1f8f07c66e96c660f0/d75240de57f64a790000021ef3a0bcc5/d75240de-57f6-4a79-bbc5-dba60daba60e?dU=v0G4RBKTXg2GtDSXU69hUjn5RqR7EEyYkx
The first link will resolve to
And the second link will resolve to
As others have posted, they seem to be 3rd party affiliates of PayPal.
That PayPal are in denial about this, well we are free to draw our own conclusions .....
Answered by Andreas Yianni on November 14, 2021
Should the practice of sending messages from somecompany.com using anothercompany.com become established, it will be virtually impossible to us users telling if a website is legit or a scam.
Unfortunately, this practice is already established - and yes, it makes it very hard to tell legitimate communications from spam. Companies use partners and third parties to handle their email all the time.
Why should a company (and in particular a company dealing with payments) send messages from another domain?
Because companies outsource non-core functions like marketing to third parties for economic reasons.
Why add countless trackers if you can already recognise users from logon?
Trackers can provide a lot more psychographic information than logon can, and that information is valuable to marketing departments.
Answered by Mark Beadles on November 14, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP