Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-94618

Improve transparency of email notification tracking domains

XMLWordPrintable

    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Issue Summary

      Jira Cloud customers are receiving notifications from *.ss-inf.net domains.
      There are several concerns about the appearance and perception of these links, including:

      • The domain .ss-inf.net appears unconventional and is *not immediately recognizable as belonging to Atlassian
      • This has led to user confusion, with some emails being flagged as spam or phishing attempts
      • If users are conditioned to trust obscure or non-branded domains, it undermines phishing awareness training. Employees are taught to avoid clicking on unfamiliar or suspicious links, and this domain directly contradicts that principle, making it harder for users to discern legitimate emails from malicious ones.
      • The use of tracking links with an obscure domain prevents emails from being loaded in the correct browser profile, as the URL is not immediately identifiable as part of the Atlassian ecosystem
      • The domain uses a generic structure that doesn't reference Atlassian directly (e.g., atlassian.com). This makes it easier for attackers to create lookalike domains (e.g., atlas-trk.prd.msg.ss-1nf.net or atlas-trk.prd.msg.ss-int.net) to conduct phishing campaigns
      • Many email security systems and firewalls are configured to block domains that don't match the sender’s official domain (e.g., emails from atlassian.net linking to ss-inf.net). This could lead to:
        • Legitimate emails flagged as phishing or spam
        • Users being unable to access Jira or other Atlassian services without manual intervention (e.g., whitelisting the domain).
      • Employees receiving emails with cryptic links are less likely to click them, even if they are legitimate
      • A confusing domain structure may make Atlassian appear unprofessional or careless about user safety
      • End users may raise more support tickets out of concern that these links are phishing attempts, further burdening IT support teams
      • Some organizations might view the use of tracking URLs as a privacy risk, particularly in industries with strict regulations like GDPR (General Data Protection Regulation). Users might question whether their data is being handled securely
      • Public backlash, as users raise concerns about why Atlassian is using confusing domains
      • Loss of goodwill and trust among customers, especially those in security-sensitive industries

      Example:

      https://atlas-trk.prd.msg.ss-inf.net/*

      Note:
      This domain is a legitimate domain and is listed in IP addresses and domains for Atlassian cloud apps

      Reasoning

      Improving the transparency and branding of notification emails would help reduce customer confusion, improve deliverability rates (by reducing spam flagging), and align with best practices for email security and user trust.

              Unassigned Unassigned
              5c44fabb84d9 Delfino Rosales
              Votes:
              6 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: