What fun have you had, testing e-mail capture?

I would love to know what problems, abuse, mistakes, fun, you’ve had… while testing systems that capture users’ e-mail addresses?

Have you seen users use purposefully incorrect or “throw away” e-mails?

Have you seen abuse, where people just put in someone else’s e-mail, or just make them up?

A system I’m working on may soon introduce capturing e-mail, without a full account, and I have a feeling it could get messy, but I don’t have much experience IRL, so I’m keen to hear your advice and stories!

3 Likes

Wow nice question @fullsnacktester

Here is my response below
Interesting scenarios I’ve had with email capture while being a software testing professional:

Patterns of Email Abuse
Intentional fake emails (gmail+spam@gmail.com)
Temporary/disposable email services (Mailinator, 10MinuteMail)
Random string generation (asdf1234@example.com)
Use of a colleague’s or random public email addresses without consent

General Testing Challenges:
Preventing bot-generated submissions
Validate their format of authentication without other legitimate variations getting blocked
Control spam and noise from data collection
User privacy and avoidance of harassing Emails

Recommended Mitigation Strategies:
Email verification links
CAPTCHA or advanced bot detection
Light friction (minimum additional steps)
Optional email capture vs mandatory
Create terms of use on email

Risk Mitigation Example:
A previous project implemented:

  1. Basic format validation
  2. Blocking disposable emails
  3. Soft rate limiting
  4. Optional verification

Key Insight: The less friction the better, but some validation saves you from huge pollution of data. Design the capture mechanism to balance user experience with quality of data.

Conclusion: Start conservatively, monitor patterns and tweak based on actual user behavior.

Hope this helps!!

Thanks,
Ramanan

1 Like

Probably the ability to input +1

So you can have test@test.com but also test+1@test.com and it will go to the same email. By using this you can create hundreds of accounts.

FUNNY TRICK:

If you wish to know where you get ads or spam from, create an account on the website using the following:

Let’s say facebook:

Let’s say twitter

Meaning if you get a random advertising email addressed to test+fb@test.com you now know that they got your data from facebook :bulb:

1 Like
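An added example, not code from any poster in this thread: a screening step for an e-mail capture form that combines the checks listed above (basic format validation, blocking disposable domains, soft rate limiting) with a canonical key that collapses the `+1` variants onto one address. The two-domain blocklist, the limits, and the names `canonical` and `CaptureScreen` are assumptions for illustration.

```python
import re
import time
from collections import defaultdict, deque

# Constructed sample blocklist (assumption); production systems use a maintained list.
DISPOSABLE_DOMAINS = {"mailinator.com", "10minutemail.com"}
# Deliberately permissive: one "@", no whitespace, a dot in the domain,
# so legitimate variations such as plus tags are not rejected.
FORMAT_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def canonical(address):
    """Key used only for counting duplicates: lowercase, +tag removed.
    Assumes the provider treats "+" as a sub-address separator; the
    address as typed is still the one to store and send mail to."""
    local, _, domain = address.strip().lower().rpartition("@")
    base = local.split("+", 1)[0] or local
    return base + "@" + domain

class CaptureScreen:
    def __init__(self, max_per_window=3, window_seconds=3600):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.seen = defaultdict(deque)  # canonical key -> submission times

    def check(self, address, now=None):
        """Return (verdict, key); verdict is 'accept', 'reject' or 'review'."""
        now = time.time() if now is None else now
        address = address.strip()
        if not FORMAT_RE.match(address):
            return "reject", None
        key = canonical(address)
        if key.rsplit("@", 1)[1] in DISPOSABLE_DOMAINS:
            return "reject", key
        times = self.seen[key]
        # Drop submissions that have aged out of the window.
        while times and now - times[0] > self.window_seconds:
            times.popleft()
        times.append(now)
        # Soft limit: flag for review rather than hard-blocking the user.
        if len(times) > self.max_per_window:
            return "review", key
        return "accept", key
```

The verdict says nothing about whether the submitter owns the mailbox; only a verification link answers that.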