I have often wondered why we don’t see more usage of the brand gTLDs, which many of these big firms own. I muse that this is (part of) the reason why – there simply isn’t the understanding or recognition outside tech circles (or even within tech circles) to comprehend that it is possible to use such a gTLD without a conventional .com or similar suffix tacked on the end. I tend to see it localised to use for marketing micro sites that do not ask for credentials so have no need to establish user trust, or occasionally internal technical uses that will never touch the typical customer’s eyeballs.

The other reason I hypothesise is that corporate big brother snooping systems that have whitelists for their trusted services – with entries like mail.google.com or calendar.google.com – are simply too painful at this point for big tech to break for their customers by dropping the .com suffix, so big tech doesn’t bother.

No hard data on any of that, though.

Yeah, it does make things more difficult in terms of teaching people a simple rule. Instead of "ends with @<company>.com", the rule is "ends with @<company>.com or .<company>".

OTOH, there were probably a lot of places already violating the "ends with @<company>.com" rule, e.g. by using subdomains, or even other domains. So very little of the online population was likely using the rule. And with email spoofing, even "ends with @<company>.com" can't be relied on to ensure the email is legit. So the rule of "don't click links in emails" is the only foolproof rule. Though you also need to add "don't copy and paste things from emails".

legit.

I could imagine something like x-mucrosoft.email etc. being used and the users would just be like well there was email.microsoft so same thing!