6

Take Security Stack Exchange, for example, which is my main SE site. Whenever I get an email relating to it, e.g. a question is closed, this bounty was accepted, whatever it is, the email is always from Stack Overflow, and not Stack Exchange, when Security SE is not even (directly) related to SO.

I have seen many duplicates as to the differences between SE and SO, and I get that SO is the 'flag-ship' site of SE network, but unless anyone knows of an exact duplicate- please don't flag this as one!

I am thinking that maybe Stack Exchange has appointed Stack Overflow as a 'manager' of sorts, because SO also announced the OpenAI partnership, which affects all SE sites. I am also guessing that SE don't have or can't manage/afford the resources needed to do this- but the system is automated, anyway.

But I would like a good answer as to why SO emails me (and everyone) about all SE sites.

P.S. I am not complaining in any way; I am just curious as to why this is the case.

The other day my question got closed and this was the email sender: [email protected].

Improve this question
17
  • 1
    Somewhat similar/related question from 2014: meta.stackexchange.com/questions/217880/…
    – rene
    Commented May 30 at 6:41
  • @rene that is a good question but doesn't have any answers and isn't exactly what I am asking. But yes- thanks anyway.
    – security_paranoid
    Commented May 30 at 6:59
  • What is the exact email domain of the sender of the emails you ask about?
    – rene
    Commented May 30 at 7:07
  • @rene I have included this in my edit. Is this the same for you?
    – security_paranoid
    Commented May 30 at 7:11
  • It is the one I expect.
    – rene
    Commented May 30 at 7:13
  • What was the subject line of that email?
    – rene
    Commented May 30 at 7:14
  • @rene thanks for taking the time to ask :) so they email you too?
    – security_paranoid
    Commented May 30 at 7:15
  • 8
    Stack Overflow is just the official name of the company, so I don't see anything wrong using it in emails.
    – Shadow Wizard
    Commented May 30 at 7:36
  • @ShadowWizard really???!!! I didn’t know! Very surprised! Could you please elaborate?
    – security_paranoid
    Commented May 30 at 7:53
  • 1
    Kind of related: What email domains are known to be used by Stack Exchange?, though I don't know if stackexchange.com domain is still used or not (need confirmation).
    – Meta Andrew T.
    Commented May 30 at 10:25
  • @security_paranoid: On every page, for example, this very page, in column "COMPANY", it says "Stack Overflow". But I think the name of the company changed over the years (unannounced). Though, weirdly, it links to the site Stack Overflow, not to information about the company Stack Overflow. And the lower right says "2024 Stack Exchange Inc". So what is the name of the company?
    – This_is_NOT_a_forum
    Commented May 30 at 19:47
  • cont' - stackoverflow.co says "Thousands of customers work with Stack Overflow to centralize documentation and improve efficiency, including teams at Microsoft, Bloomberg, Chevron, Instacart, Expensify, Zapier, and more.". But are they talking about the product or about the company?
    – This_is_NOT_a_forum
    Commented May 30 at 19:54
  • cont' - /company: "Documents relating to the legal entity, Stack Exchange Inc., mainly for suppliers, vendors or potential employees.". And the logo is the Stack Overflow logo on the same page.
    – This_is_NOT_a_forum
    Commented May 30 at 19:59
  • cont' - It isn't clear at all.
    – This_is_NOT_a_forum
    Commented May 30 at 20:01
  • 1
    It is stated explicitly here (not just implied): "Stack Exchange, Inc. is the official name of the company.". The stackoverflow.com in the email address is probably for historical reasons.
    – This_is_NOT_a_forum
    Commented May 30 at 20:03

1 Answer 1

Reset to default
4

They try to use a single domain as sender of emails originating from interactions on any site within the network.

The domain used for that purpose is stackoverflow.email

One reason to do this is for end-user security reasons. From the answer of m0sa on Meta Stack Overflow

We use it to protect stackoverflow.com user cookies from third parties. The links in the email are all rewritten to a stackoverflow.email subdomain, CNAMEd to a third party service we use for sending emails, and tracking email stats (spam reports, bounces, deliveries, views, clicks).

In the above quote you can replace stackoverflow.com with any other domain for SE sites, i.e. superuser.com, serverfault.com, askubuntu.com, stackapps.com, mathoverflow.net, *.stackexchange.com.

In the past it has been argued that the email should have a sender address from the site that triggered the email.

However, Nick Craver explained in a comment why that is not the easiest and maintainable solution for them

It's not about buying 2 domains, we'd have to buy many more than that, Ask Ubuntu, Math Overflow, Super User, Server Fault, Stack Apps, and Stack Exchange .email domains. Then we'd need certificates for all of them. And we'd need IPs or aliases for them. And DMARC support. And reputation monitoring. And we'd have to build into the entire system what to send from where. These added up are significantly more than "just buying another domain". Not that it helps much, but I wanted to illustrate the scale of the simple fix implied here...because it's not simple.

And when it comes to end-user convenience Oded answered here

  • it will make it difficult to whitelist all SE emails

Because it can be confusing to receive an email from a domain you might not recognize it is argued that either the sender display name and/or the email subject line should include the name of the originating SE site.

If you receive an email that doesn't follow that pattern, I suggest raising a bug.

Improve this answer
2
  • It would probably make more sense to use @stackexchange.com as the generic sender address. But history makes @stackoverflow.com more practical.
    – Barmar
    Commented May 30 at 23:40
  • 1
    @Barmar that would cause the same issue of sharing cookies because your auth cookies are for that TLD, not per subdomain. That is to support Universal Login, aka the homebrew Single Sign On solution of SE.
    – rene
    Commented May 31 at 7:04

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .