Why are orders being placed with @dummy.email addresses?
Summary
What email marketers say12Marketer opinions
Email marketer from Email Geeks suggests checking the client's code for handling invalid addresses, in case of an exploit.
Email marketer from Digital Marketing Institute mentions using dummy emails can distort marketing analytics, making it difficult to accurately assess the performance of email campaigns and overall user engagement. He advocates for clean and verified email lists.
Email marketer from Quora shares dummy emails might be used for users wanting to avoid providing personal information to reduce spam, or when creating temporary accounts for limited-time access.
Email marketer from Online Marketing Blog suggests that the use of dummy emails might indicate issues with the website’s registration process, recommending the implementation of CAPTCHA or email verification to improve the quality of sign-ups.
Email marketer from Email Geeks suggests that it could be 500 attempts to validate stolen CC data, especially if transactions are approved but orders not fulfilled.
Email marketer from Reddit mentions that they would prefer a full stop instead of dummy email for testing purposes. This provides a valid format but to a non-existent domain.
Email marketer from Neil Patel notes that dummy emails are sometimes used to bypass email signup requirements. He advises implementing strategies like double opt-in to combat this and ensure legitimate sign-ups.
Email marketer from Webmaster Forum mentions that dummy emails are often used to test forms or software without risking spamming real users. It allows to check the functionality of email sending without actually sending it to real addresses.
Email marketer from Email Geeks shares that the MX record for dummy.email points to a hosting provider.
Email marketer from StackExchange suggests that `dummy.email` may be used in test environments or for users who don't want to provide a real email address. It might also be used by bots.
Email marketer from MarketingLand suggests that if a large number of accounts are being created with dummy emails, it could indicate fraudulent activity such as bot signups or fake orders. It’s important to monitor and validate such accounts.
Email marketer from Reddit shares that dummy emails can be used for testing purposes in development environments to prevent sending real emails during development.
What the experts say5Expert opinions
Expert from Email Geeks suggests that the website dummy.email is parked and likely a squatted domain.
Expert from Email Geeks tested dummy.email and confirmed the email address does not exist. Provides a data point that it is a non functioning email.
Expert from Word to the Wise shares the importance of sanitising test data which should include things like changing domains like dummy.email to example.com. Also mentions that you must ensure you're following data protection laws when using test data that may refer to real individuals.
Expert from Email Geeks shares that dummy.email doesn't seem like a traditional disposable email service. Suggests checking the client's purchase metadata (IP addresses) and whether developers have used dummy.email in test data.
Expert from Email Geeks speculates that the use of dummy.email could be from an article suggesting its use to avoid spam, or could suggest that it's attempts to validate stolen CC data.
What the documentation says5Technical articles
Documentation from Mozilla details approaches for handling emails in testing environments, including using mock SMTP servers or configuring test email accounts to catch and inspect outgoing emails.
Documentation from ISO shares that when using data that is for test purposes it is crucial to follow data protection rules and use data that does not reference real individuals.
Documentation from IETF explains that domains like `example.com`, `example.net`, `example.org`, and `example.edu` are reserved for documentation purposes and should not resolve to real-world servers. They are safe to use in examples.
Documentation from Microsoft explains about setting up test email accounts on their exchange server. Allows configuration that can allow for all emails sent to the account to be discarded and not sent on.
Documentation from OWASP explains that data validation is essential and dummy data should be avoided as part of proper application security. Encourages proper input sanitisation and validation.