Common tactic to make sure that delivery of notifications is isolated in reputation from the main domains. That way, if notifications are be reported as spam and thus land in a number of distributed blacklists, at least corporate communication still works.

Why don't they use a more obscure domain for internal corporate communication and keep the widely recognized one for messages to end users? Is it just the vanity that people who work there like to be mark.zuckerberg@facebook.com?

If you ask a Meta employee this you’ll no doubt get some internal structural / political justification, and they’ll say it to you with a straight face.

Let’s also all think back to 2011 or so when Facebook thought it’d be a good idea to try to vacuum up all its users’ emails by giving us all @facebook.com email addresses, buying fb.com in the process. As I recall they killed it after a couple few years.

Why does any company needs more than one 2nd level domain?

Microsoft, I'm looking at you (https://learn.microsoft.com/en-us/microsoft-365/enterprise/u...). It nerve-wrecking trying to figure out if some login box or link is legit. They claim to be transitioning to cloud.microsoft, but if you go there, you are redirected to yet another new domain (microsoft365.com) which looks like a scam site, which doesn't render properly in Firefox.

Why do we allow this?

Domains used for bulk outbound email are typically separated from the normal corporate email domain to prevent employee emails getting blocked at customer mail gateways by anti-spam heuristics. Practically every large org gets burnt by this once, learns their lesson, and then splits their domains.

Microsoft has something like a hundred domains, including purposefully misspelled ones like "microsft.com", which is real, owned by them, and regularly used to bypass "security filtering" by paranoid admins.

> Microsoft has something like a hundred domains, including purposefully misspelled ones like "microsft.com", which is real, owned by them, and regularly used to bypass "security filtering" by paranoid admins.

You are off by orders of magnitude there on that number.

> Why does any company needs more than one 2nd level domain?

Re: the first part of your comment, the most common reason I've seen is companies using 2nd domains to send emails that are at higher risk of bouncing or being marked spam (newsletters, cold outreach, etc). And using your primary domain to send "more important" emails from.

Yeah, noticed that. Complete BS and just training people to be phished.