My question is not specifically about Malwarebytes, so if not appropriate here, I'd appreciate a cite to a security forum where I might get an answer.
My basic question is: if a trusted business (legit.biz for example) sends me email where the sender's address and any URL links in the email point at legit.biz or one of its subdomains, AND I've done my job to make sure the DNS servers used by my device/LAN are legit (haven't been hacked), what is my level of confidence that said email is legit and any links in it are legit?
The reason I ask this question is that I commonly receive emails (which turn out to be legitimate) where the sending company uses a mass communication service to actually send the email to me and to handle any links I might invoke from inside that email. Ergo, the domain of the sender and links is unfamiliar to me. This raises my concerns about spoofing and phishing, so (for a billing reminder, for example), I ignore the convenient links in the email, and I manually fire up my browser and go to the legit business website to log in and pay my bill.
My second question is: Couldn't vendors who want to offload mass communications to other companies use a subdomain they own (e.g., im_ok.legit.biz) to indirectly point sender address and internal email links to their mass communication services, thereby making it transparent to me, but at the same time letting me trust that legit.biz is taking responsibility for services they use to help them give me service?
If the answer to the above question is yes, then it makes sense for me to ask legitimate businesses to use their own domain/subdomains in emails they send to me so that I can easily trust the content and links contained therein. Right?