All our official emails are sent exclusively from secure and verified domains to guarantee authenticity and reduce the risk of phishing and spoofing.
| Domain | Purpose |
|---|
dscapp.com | Main mail server for general account notifications, product updates, and transactional messages |
support.dscapp.com | Used by Gleap (live chat) for support communications, follow-ups, and ticket updates |
payments.dscapp.com | Currently used for invoices via Stripe; will soon be replaced by payments@dscapp.com |
Any email sent from a domain not listed above should be treated with caution and verified through official support channels.
Display Names#
Emails sent from our domains may use one of the following display names to help you easily identify the sender.In some cases, there may be no display name; as long as the domain matches one of the official domains listed above, the email can generally be considered legitimate.
Recognizing Legitimate Emails — Practical Guidance#
The items below explain concrete checks and behaviours users should apply when they receive email that appears to be from Ricardoneud.com or a related domain.If an email urges immediate action (e.g., "act now", "your account will be closed", "pay immediately"), treat it as suspicious until you verify via official channels.
Quick checklist (apply in order)#
1.
Check the sender domain — confirm the email address ends with one of the official domains (dscapp.com, support.dscapp.com, payments.dscapp.com).
2.
Do not trust the display name alone — display names can be forged; always inspect the raw email address.
3.
Hover (don’t click) on links — verify the actual URL shown in the browser tooltip matches an official domain or a known safe domain.
4.
Do not open unexpected attachments — especially if the message has poor grammar, unexpected invoices, or unknown file types (.exe, .scr, .zip).
5.
Validate invoices via the dashboard or support — do not pay directly from a link in an email; instead, log in to your account via the official website or contact support to confirm.
6.
Use a link-verification tool before clicking if unsure (see Tools section below).
If the domain matches an official domain but you remain uncertain (e.g., unusual wording, unexpected request), forward the email to our support team for verification rather than interacting with it.
How to Inspect an Email (step-by-step)#
1. View full sender address#
Most email clients show a friendly display name; expand or view details to see the full user@domain address.
Confirm domain exactly matches one of the official domains (no extra characters, no homoglyphs).
2. Inspect the link destination#
Hover over links to reveal the destination URL in the client or browser status bar.
Look for red flags: mismatched domains, long query strings that hide the real destination, domains that resemble ours but use different TLDs (e.g., .co instead of .com), or multiple redirects.
Check for SPF, DKIM, and DMARC results in the message headers. Legitimate outgoing mail from our systems should be authenticated.
Example header indicators to look for:Authentication-Results: spf=pass (google.com: domain of dscapp.com...)
If authentication fails (spf=fail or dkim=fail), treat the message as suspicious.
4. Inspect headers for originating IP and path#
Advanced users: view full headers to confirm the originating IP and relay path. If the message originates from an unexpected mail server, escalate to support.
5. Do not follow payment links from suspicious emails#
If an invoice arrives unexpectedly, open your account portal directly (do not click the email link) and check the billing section.
Examples of Common Phishing Indicators#
Sender address uses slight typos, additional characters, or look-alike letters (e.g., dsCapp.com, dscapp-support.com).
Urgent language demanding immediate payment or credential disclosure.
Generic greetings instead of personal account information (e.g., "Dear user" vs your account name).
Poor grammar, spelling errors, or awkward phrasing inconsistent with professional correspondence.
Attachments with executable or compressed file types, or invoices from unknown payment processors.
Links that point to IP addresses, shortened URLs, or unrelated domains.
Any single red flag is cause for caution; multiple red flags strongly indicate a phishing attempt.
Recommended quick checks before interacting:Use a link scanner such as Check Je Linkje to preview and analyze URLs for malicious redirects. Use comprehensive scanners such as VirusTotal to analyze suspicious files or URLs.
Use your browser's "Open link in new tab" preview carefully — but only after verifying the displayed target.
1.
Copy the link (do not click).
2.
Paste into a reputable scanner (Check Je Linkje, VirusTotal, Sucuri) and review the report.
3.
If the scanner shows redirects to unknown domains, or flags the link, treat as malicious.
1.
If unexpected, do not download.
2.
If you must inspect, upload to VirusTotal for automated scanning first.
3.
For sensitive environments, isolate attachments in a sandboxed system.
How to Report Suspected Phishing#
1.
Do not click links or download attachments.
2.
Forward the suspicious email to our support contact for verification: use the contact page — https://dscapp.com/contact — to obtain the correct reporting address if unsure. 3.
If the email pretends to be billing-related and requests payment, include the message headers when you forward, so we can trace the source.
4.
Consider reporting to your email provider (e.g., mark as phishing) to improve broader protections.
Recommendations to Improve Personal & Organizational Safety#
Enable multi-factor authentication (2FA) on your account to reduce the impact of compromised credentials.
Whitelist official sending domains in corporate spam filters and email clients to improve deliverability — but configure filters conservatively to avoid whitelisting malicious look-alike domains.
Train staff and users on phishing indicators and create a straightforward reporting process.
Keep software and antivirus up to date on all endpoints.
Use dedicated payment portals rather than paying via links received in email.
All outgoing emails from our systems are authenticated with SPF, DKIM, and DMARC. If you observe messages that fail these checks and claim to be from us, escalate to support immediately.
Never provide passwords, authentication codes, or bank/payment card details in response to an unsolicited email. We will never ask for your password via email.
Communication Types (summary)#
Support & Ticketing: Sent from support.dscapp.com.
Billing & Payments: Sent from payments.dscapp.com (soon replaced by payments@dscapp.com).
Last Resort — If You Believe You Were Compromised#
1.
Immediately change your password using the account settings page on our official website.
2.
Revoke active sessions and API keys where applicable.
3.
Contact support via the official support page.
4.
Monitor financial accounts and, if payment details were shared, contact the payment provider and your bank.
