but why would they use shady looking domain names for this?

I’d guess so that ticketmaster etc. can’t identify which tickets are being sold via StubHub. If the domains were identifiable, ticketmaster could block the transfers.

But if StubHub (MarkMonitor Inc.) is visible in WHOIS, then ticketmaster could do a `whois emeraldsummitadvisors.com` and block still block it?

Cat and mouse game with Ticketmaster team..... next up anonymous registrations.

Yeah. That's a slightly more expensive endeavour. The question is is they can scale enough the number of domains and connect to send emails. New domains + not known can have not so good sending reputation. If they use low number of domains, Ticketmaster could start blocking new domains with more than average number of ticket purchases.

To most people it isn't shady looking? It gives the feeling that you're emailing a person, which might be what they're going for.

Totally just guessing: Maybe to reduce inbound spam that's forwarded to the buyers? If it was one central email address, spammers could just send a ton of images/PDFs to all known prefixes of that central domain, but needing to guess the prefix + right domain adds a layer of indirection? They may not do much validation on the forwarded tickets, just store it for disputes

Wouldn't it be much cheaper and effective to add a random secret to the bit before the at rather than after?

Shady looking domain names are usually cheap and available?

That's my best guess at least.

That makes no sense, why wouldnt it just be @stubhub.com or @stubhubtickets.com