Sort:  

Ahh, yes. That's a misconfiguration on their part; looks like the raw domain, without the www, is configured to point to their mailserver, so [email protected] will work correctly (poorly done, should've had the A record point to the website and the MX record point to the mailserver), so if you manually type https://dashlane.com, it breaks.

That is badly insecure, because it means they don't have HSTS on dashlane.com, only on www.dashlane.com, meaning I could sslstrip them as you described, and the address bar would read dashlane.com instead of www.dashlane.com.

Coin Marketplace

STEEM 0.25
TRX 0.25
JST 0.040
BTC 94194.88
ETH 3392.03
USDT 1.00
SBD 3.50