June 23, 2011

When You A Need Bunch Of Test Email Addresses

Sometimes, you need a bunch of email addresses for testing purposes.  Perhaps you need to test a login or registration page, or perhaps your application sends emails to many different people.

You could create many real email accounts for your tests.  But sometimes there's an easier way. Sometimes you can use a single email account instead, and just use variants of a single email address.

In many email systems, anything after the plus sign in the local part of the email address is ignored.  So, all of these are delivered to the same mailbox:
  • foo.bar@gmail.com
  • foo.bar+123@gmail.com
  • foo.bar+234@gmail.com
  • foo.bar+test1@gmail.com
  • foo.bar+regression.test.11.29.2011@gmail.com
In gmail, periods within your gmail address are ignored.  So, all of these are delivered to the same mailbox:
  • foobar@gmail.com
  • foo.bar@gmail.com
  • f.o.o.b.a.r@gmail.com
Note that consecutive periods like foo..bar@gmail.com are fine for gmail, but are generally considered invalid and hence undeliverable by most email sending systems. copyrightjoestrazzere

Only in gmail, both of these are delivered to the same address:
  • foo.bar@gmail.com
  • foo.bar@googlemail.com
These methods will usually allow you to register many times on your system-under-test with emails that will be considered different, but will actually deliver to the same account.  And you can usually filter these incoming emails to keep them separate from your other emails if needed.

see also:

This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance.
I like to lead, to test, and occasionally to write about leading and testing.
Find me at http://strazzere.blogspot.com/.

June 21, 2011

Perhaps They Should Have Tested More - Dropbox

During a recent code push, web-based file storage firm Dropbox introduced a bug in their authentication mechanism - allowing unprotected access to accounts for four hours.

Reaction to this particular bug was widespread:

  • "allowed users to log into accounts using any password"
  • "gaping security holes"
  • "a significant embarrassment for Dropbox"
  • "Too bad I no longer trust them"
  • "Even as a free service they're not worth the trouble"

From the Dropbox web site's Help section:

How secure is Dropbox?

Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks and the military.
Dropbox takes the security of your files and of our software very seriously. We use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure. Your files are backed-up, stored securely, and password-protected.
I'm sure they are usually password-protected.  Unless there is a bug in the authentication mechanism.  In which case they are not actually password-protected at all.

Perhaps they should have tested more.

See also: