Testing your product with multiple user emails

This is an ages old problem testers have been trying to address.

You would always want to test your product with multiple user registrations and most of your products will need emails.

Well, you can generate email addresses using a script.

Problem solved ?

No, your product is very secure. It needs email verification to do any operations.

Mark the email as verified within your database. Is it that easy ? Does your DEVs allow you to do this ?

Not always or not most of the times. Because, authentication and authorization is generally handled on enterprise range of products with standard providers like Auth0, OKTA, AWS Cognito, AzureAD, Keyclock, etc.. And man handling email verification flag is treated as a high security breach on most of the systems. So, it doesn’t allow you to do.

Here comes to your rescue. Disposable emails. What are they ?

A disposable email address (DEA) is a temporary email address that expires after a set period of time, or one which you can delete whenever you like. There are lots like yopmail, onesecmail, mailinator, mailcatch, etc..

Wow..!! Your problem is solved.

Wait. You get your product to a security review. They review your system and says, you have to block all generated, disposable and temporary mail boxes.

They have a valid point. Those mailboxes are accessible publicly by anyone. Your private staging IP addresses, domains, etc. get exposed in public and increases your vulnerability landscape.

So, now what ?

Is that the end of testing automation ? You have to write automation to create your own google or Microsoft emails via apis and access the mailboxes via automation and verify emails ? Isn’t that lot of work ?

Google is for your rescue.

I got this hint from one of our security partners. Gmail has an option to generate multiple alias emails from your own email ID.

Append a plus (“+”) sign and any combination of words or numbers after your email address. For example, if your name was cooltester@gmail.com you could send mail to cooltester+1@gmail.com or cooltester+test1@gmail.com, etc.

And all these emails lands to your inbox at cooltester@gmail.com

This was indeed the most clean and secure way I have ever found to generate emails and write automation test cases for user registrations.