Been informed that SM does not work on the top-level domain when trusting domains that come from sub-domains. This is quite confusing for users when they trust chase.com, but emails come from say x@notifications.chase.com, many users dont understand the difference between a sub-domain and the top-level domain, all they know is chase.com or paypal.com etc.

Maybe this is something that can be added the the RC before going public? It should be very easy to parse the domain out of a subdomain using something like Nagger.PublicSuffix.