Hello, this is the official Youdao Ads team. We highly appreciate the vigilance you and the developer community show toward online security. However, we would like to respectfully clarify a few critical misunderstandings in your technical analysis:
Regarding Domain Security: We have thoroughly verified our domain and technical infrastructure. It is fully operational, passes mainstream security protocols, and is not being blocked by any standard security infrastructures. Any localized access issue may be due to temporary network configurations, not a systemic block.
Regarding Email Origin: Youdao Ads is an official brand under NetEase Youdao. The fact that our outreach emails originate from NetEase's internal servers is actually the strongest proof of their authenticity and legitimacy, rather than an indication of an internal vulnerability.
We are a legitimate ToB marketing service provider actively collaborating with global creators. We are completely open to discussing this further and proving our credentials.
Creator of AI-powered VS Code extensions (DotCommand, DotSense) & pro-level DevOps/Security tools (dotenvy, DOTCTL). My work includes a custom LLM for secret detection. Hacking on Next.js.
Thank you for commenting publicly — this is actually the most transparent way to handle this, and I appreciate it. Let me respond to each point with the same technical precision I used in the article.
On Domain Security:
Your claim that the domain "passes mainstream security protocols" is interesting, especially given the recent changes made to your infrastructure after my article was published.
On April 11 (when the article was written and you were actively soliciting creators), here is the exact verifiable response from your servers:
Fixing your infrastructure after the community raises red flags doesn't invalidate the original findings — it confirms that your domain was not properly operational when you were actively sending outreach emails to creators.
Additionally, independent third-party platforms — which I have zero affiliation with — scored your domain:
Note: This score has actually dropped further from 28.8 since the article was published.
I didn't create these scores. I reported them. The appropriate response is to address them with those platforms directly — not to request article removal.
On Email Origin:
You're arguing that emails from NetEase servers prove legitimacy. My article actually made the opposite point — the fact that the emails came from legitimate NetEase infrastructure is more alarming, because it suggests either:
A compromised corporate account
Unauthorized use of NetEase infrastructure
Inadequate internal security controls
Furthermore, your original outreach used corp.netease.com while this response comes from rd.netease.com — two entirely different NetEase subdomains. A legitimate unified brand operation would use consistent email infrastructure.
On Being a "Legitimate ToB Marketing Service":
I have no interest in damaging legitimate businesses. My entire analysis was based on:
✅ Verifiable email headers (reproducible by anyone)
✅ Independent security vendor scores (third-party, unaffiliated)
✅ Direct infrastructure responses at the time of outreach
✅ Standard OSINT methodology
If Youdao Ads is legitimate, proving it is straightforward. I formally requested the following via direct email:
Official business registration documents
NetEase Youdao's official PR statement authorizing this outreach campaign
Hello, this is the official Youdao Ads team. We highly appreciate the vigilance you and the developer community show toward online security. However, we would like to respectfully clarify a few critical misunderstandings in your technical analysis:
We are a legitimate ToB marketing service provider actively collaborating with global creators. We are completely open to discussing this further and proving our credentials.
Hi @YoudaoAds,
Thank you for commenting publicly — this is actually the most transparent way to handle this, and I appreciate it. Let me respond to each point with the same technical precision I used in the article.
On Domain Security:
Your claim that the domain "passes mainstream security protocols" is interesting, especially given the recent changes made to your infrastructure after my article was published.
On April 11 (when the article was written and you were actively soliciting creators), here is the exact verifiable response from your servers:
This was an active block from an Envoy proxy — not a local network issue.
As of today (April 28), after my article gained traction and your team contacted me requesting removal, the site now returns:
Fixing your infrastructure after the community raises red flags doesn't invalidate the original findings — it confirms that your domain was not properly operational when you were actively sending outreach emails to creators.
Additionally, independent third-party platforms — which I have zero affiliation with — scored your domain:
🔴 Scam Detector: 15/100 — "Risky. Dubious. Perilous."
Note: This score has actually dropped further from 28.8 since the article was published.
I didn't create these scores. I reported them. The appropriate response is to address them with those platforms directly — not to request article removal.
On Email Origin:
You're arguing that emails from NetEase servers prove legitimacy. My article actually made the opposite point — the fact that the emails came from legitimate NetEase infrastructure is more alarming, because it suggests either:
Furthermore, your original outreach used
corp.netease.comwhile this response comes fromrd.netease.com— two entirely different NetEase subdomains. A legitimate unified brand operation would use consistent email infrastructure.On Being a "Legitimate ToB Marketing Service":
I have no interest in damaging legitimate businesses. My entire analysis was based on:
✅ Verifiable email headers (reproducible by anyone)
✅ Independent security vendor scores (third-party, unaffiliated)
✅ Direct infrastructure responses at the time of outreach
✅ Standard OSINT methodology
If Youdao Ads is legitimate, proving it is straightforward. I formally requested the following via direct email:
No documentation has been provided yet. I will publish a full and prominent update section the moment it is.
The developer community deserves transparency — in both directions.
If the evidence supports an update, it will be updated. Publicly and prominently.
— FreeRave