Microsoft is really bad with this. Login might be live.com or microsoftonline.com or maybe onmicrosoft.com. I went to report a vulnerability to their security portal this week and it redirected me to b2clogin.com.
OneDrive email attachments link to, I kid you not, 1drv.ms, or maybe it was 1drv.com…
Not to mention, they use .ms as if it’s their personal TLD, but obviously anyone can register a .ms domain. It’s like they want people to get phished.
Until this moment I assumed .ms was a Microsoft TLD, but indeed it is not https://en.wikipedia.org/wiki/.ms
Handy tip: all two-letter TLDs are country code TLDs. Doesn't matter if they're trendy in website names (.nu, .cc, .io, .co, .it, .at, .cx, youtu.be and so on)
In fact, here we have the ma.tt website, where the ".tt" is Trinidad and Tobago. Is Matt Mullenweg from Trinidad? No!
Though not all country codes point to a country. See .eu, .ac .su as different examples of stuff that breaks the rules.
the .su domain was made when the soviet union was still around, so that doesn't really break the rules. I would prefer for top level domains to be eternal for a great multitude of reasons
The possible annoyance with eternal country-code TLDs would be the dissolution of one country, and the creation (or renaming) of another country resulting in an eventual exhaustion of two-letter country codes. Eternity is a rather long duration.
Before exhaustion, you're likely to have new countries where they have to have suboptimal two letter codes, because a dissolved country is squating on it.
An interesting one is .uk, because the UK's country code is actually GB (the ccTLD is delegated, but unused).
And that's before we get into the really weird not-a-proper-country ones like .im or .pn.
if we run out of 2 letter TLDs, move to 3 letter ones. it really wouldn't be that hard. Also, that's assuming our current system stays in place
The country code TLDs are ISO country codes. Nothing technically requires that to continue, but if ISO re-uses a country code & ICANN doesn't, it'll get somewhat confusing.
If anyone would avoid reusing codes, it's the ISO. They love legacy compliance and compatibility (which is why I have tremendous respect for them when I'm designing software since they've certainly thought about something more than I have)
> so that doesn't really break the rules
At the time it did not break the rules. It's breaking the rules now because by the original rules it should have been phased out. What makes it survive is a special arrangement.
It's kind of crazy that the IRS (among other United States government agencies) uses ID.me for account management. The .me domain belongs to Montenegro.
I think ID.me is a private company. So yeah, it’s especially fucking stupid that they use that in the first place. Any gov login should be required to go through a .gov tld. At least reverse proxy it or something!
They also use .microsoft now (e.g. for the M365 admin portal).
We’re talking about the company who owns npm, one of the most hacked package registries in recent history. Can’t say I’m shocked, but this is so bad