Email or username:

Password:

Forgot your password?
Sindarina, Edge Case Detective's posts Post Back to profile
Top-level
Sindarina, Edge Case Detective

Oh, and please, if you are sending email, don't make up random addresses for your app to test with. Only send mail to addresses you know are valid, and for which you have permission to send mail.

If you need to test SMTP while developing software, use a mock SMTP server that drops all outgoing email in a local directory, so you can inspect it without dumping a metric ton of email in your upstream's SMTP queue.

If you absolutely must generate unique email addresses for testing, either register a domain for that purpose and set up mail handling for it, or use the .test TLD, and have as many unique domain names as you like.

3/ END

24 Jun 2023 at 8:27 | Open on ngmx.com
17 comments
Sindarina, Edge Case Detective

There's always at least one person who doth protest too loudly, whenever they are alerted to bad habits like these 😂

24 Jun 2023 at 18:28 | Open on ngmx.com
Sindarina, Edge Case Detective

ADDENDUM: If you need to generate reverse DNS records for IP addresses, DO NOT simply paste in the entire IPv4 address as the hostname, such as in this example;

❌ 198.51.100.1.net.example
❌ 198.51.100.2.net.example

If you absolutely need to use dots, like for delegation within a large enterprise or to clients, reverse the string instead;

✅ 1.100.51.198.rev.net.example
✅ 2.100.51.198.rev.net.example

Most to least specific, always.

In the vast majority of cases, keep it simple, with something like this;

✅ ip-198-51-100-1.dhcp.net.example
✅ ip-198-51-100-2.dhcp.net.example

Can be delegated if needs be, and is clearly separate.

ADDENDUM: If you need to generate reverse DNS records for IP addresses, DO NOT simply paste in the entire IPv4 address as the hostname, such as in this example;

❌ 198.51.100.1.net.example
❌ 198.51.100.2.net.example

If you absolutely need to use dots, like for delegation within a large enterprise or to clients, reverse the string instead;

2 Mar 2024 at 18:54 | Open on ngmx.com
AlisonW ♿🏳️‍🌈

@sindarina
And for your non-routable local network use a subdomain of .INTERNAL !

31 Dec 2024 at 19:47 | Open on fedimon.uk
sebastian büttrich

@sindarina
I hardly dare say it, but in a recent network deployment I assisted with, the head of IT had insisted real routable random IPs be used in their private network, as private ones were to easy to guess and thus abuse ...
I shall not disclose where ...

31 Dec 2024 at 15:41 | Open on mastodon.cc
Sindarina, Edge Case Detective
Zimmie

@sebastian @sindarina I know of a network equipment vendor which used a real, public address block belonging to a real, much larger company internally in a product they shipped. There were a few companies which were customers of both. Hilarity ensued.

The same network equipment vendor now uses 192.0.2 internally in a major product. Their reasoning is nobody should be using it, therefore *they* should use it.

31 Dec 2024 at 16:31 | Open on infosec.exchange
Paul_IPv6

@sindarina

when i was doing tech support for an open source DNS server, we regularly got support customers wondering why using fake roots or fake DNS names that collided with the public DNS kept breaking things.

i also worked for a large ISP that really pushed using IPv6 because they'd had problems in their NOC with many reuses of RFC1918 space and address collisions.

RFCs are not for the faint of heart but they have lots of good info and lots of reasons why you should follow them. ;)

31 Dec 2024 at 21:50 | Open on infosec.exchange
Gwenn

@sindarina
4/ Do not use "/dev/sda" or any valid volume name in an example for a formatting command.

25 Jun 2023 at 10:15 | Open on mamot.fr
jordan

@sindarina had to alert my company that we were sending automated emails of sensitive data to an email address at test.com before. whoever owns those domains probably has access to every secret in the country by now...

25 Jun 2023 at 11:53 | Open on mastodon.jordanwages.com
Zimmie

@wagesj45 @sindarina I’ve worked for a company which used a public domain name which they don’t own as their internal AD domain name. So much data leakage.

31 Dec 2024 at 16:34 | Open on infosec.exchange
Jens Dibbern

@sindarina And, for the love of god, start using test e-mail infrastructure. It's a 10 minute job to start a greenmail container or something similar. Gazillions of postmasters are sick of seeing your junk in their logs.

25 Jun 2023 at 20:23 | Open on mastodon.social
Roger

@sindarina a good mock SMTP option is mailtrap.io

3 Mar 2024 at 18:27 | Open on woof.group
MTRNord (they/them)

@sindarina Reminds me that Grafana sets a default alert contact to every instance which afaik cant be removed using provisioning. Which is annoying as fastmail keeps complaining about unable to send email to example.com :|

31 Dec 2024 at 16:30 | Open on mastodon.mtrnord.blog
Pixelcode 🇺🇦

@sindarina

Also, Germany's Federal Network Agency has defined various “drama numbers” – unassigned phone numbers for use in movies: bundesnetzagentur.de/SharedDoc

Landline:
Berlin: 030 23125 000 – 999
Frankfurt a.M.: 069 90009 000 – 999
Hamburg: 040 66969 000 – 999
Cologne: 0221 4710 000 – 999
Munich: 089 99998 000 – 999

Mobile:
0152 28817386
0152 28895456
0152 54599371
0171 39200 00 – 99
0172 9925904
0172 9968532
0172 9973185
0172 9973186
0172 9980752
0174 9091317
0174 9464308
0176 040690 00 – 99

@sindarina

Also, Germany's Federal Network Agency has defined various “drama numbers” – unassigned phone numbers for use in movies: bundesnetzagentur.de/SharedDoc

31 Dec 2024 at 16:55 | Open on social.tchncs.de
Raven667

@pixelcode @sindarina 66969...nice (that may or may not be a coincidence, a giggling German is not out of the question)

31 Dec 2024 at 21:19 | Open on hachyderm.io
Raven667

@sindarina I set up a little ansible play that adds regex-based virtualhost config to postfix that effectively makes _all_ mail delivered to a local user, for our QA hosts, so all the cron jobs and reporting jobs and whatnot that use /usr/sbin/sendmail have their output captured and *don't* *leak*, because customers _love_ it when they get a bunch of weird reports and errors from random QA systems in various states of broken when testing (so does the helpdesk when fielding their paniced calls).

31 Dec 2024 at 21:17 | Open on hachyderm.io
Sindarina, Edge Case Detective

@raven667 There are also mock SMTP servers that just take all mail sent and put it into a local folder for analysis.

31 Dec 2024 at 21:28 | Open on ngmx.com
Go Up