
Magento Security - Where'd that E-mail Go?
10/26/11 5:05 PM • Posted in Magento
By Dante P
Remember when you accidentally sent that e-mail of the quiz cheat sheet to your professor instead of your classmate? Security (or privacy, depending on how you look at it) isn't only about making sure your site isn't open to an injection attack. Sometimes it's as simple as making sure a tiny mistake can't turn into a leak. If you're running a Magento version older than 1.6, here's one configuration item to correct immediately.
Magento allows administrators to create orders that do not include an e-mail address. This makes sense as there are certainly situations where such an order would be placed without one. In cases such as these Magento will create a fictitious e-mail address for the order. By default (up through Magento 1.5.x) that e-mail address will look something like 234234252@emaildomain.com.
See the problem?
Sure, we could be thinking - "But it's just for customer orders" or "I don't check the box to send the order e-mail" or "Who makes an order in the admin?" or any number of thoughts which seem to make this a non-issue.
Unfortunately, it's a huge issue. One click in the wrong place and we've just sent a customer's private information to a stranger. Specifically, with this default setting it's entirely possible to send a customer's order information (name, address, what they bought) to whoever owns "emaildomain.com". It makes me cringe to imagine how many such e-mails they may have received.
It's all fine and good to give an example like user@domain.com or me@mycompany.com in conversation, because we have a high hope of conveying that it is an example and not to be used literally. With a default configuration, however, what is or isn't meant to be used literally is not so clear cut. We tend to assume a default value is either acceptable as-is or won't work at all until it is changed. To know what an acceptable default looks like we should know which names are reserved, that is, names which will never resolve over public networks (and that includes e-mail). RFC 2606 reserves exactly four top-level domains, .test, .example, .invalid and .localhost, plus the second-level domains example.com, example.net and example.org. That means an e-mail to user@example.com will never (should never) go anywhere, but user@emaildomain.com will go to someone, just as user@gmail.com will, except not to the person we intend, or don't intend, as the case may be.[1]
Thankfully this was noticed (how it took so long will be an untold story) and reported in this bug report. In the 1.6.x branch of Magento we don't have to worry about this little item. For those of us who haven't upgraded yet, the fix is simple. In the Magento admin go to:
System->Configuration->Customers->Customer Configuration->Create New Account Options
and change Default Email Domain from "emaildomain.com" to "example.com", then save. This stores the value in core_config_data, which takes precedence over the default shipped in the module's config.xml.
Alternatively we can change the file app/code/core/Mage/Customer/etc/config.xml, looking inside the default/customer/create_account node for a line like:
<email_domain>emaildomain.com</email_domain>
and changing it to:
<email_domain>example.com</email_domain>
Keep in mind that edits to files under app/code/core are overwritten by the next upgrade, so if you prefer an XML change put the same node path in app/etc/local.xml instead of editing the core file. Either way, check the setting in the admin afterwards: a value previously saved there lives in core_config_data and overrides whatever the XML says, so the file edit alone may not stick.
We could set this to a different name, but be careful which one: 'invalid.com' and 'test.com' are not reserved (only the top-level domains .test, .example, .invalid and .localhost and the second-level domains example.com, example.net and example.org are), so they can be registered and receive mail just like emaildomain.com. A name under a reserved top-level domain, such as 'orders.invalid', is fine. Using our own company domain keeps a mis-sent order in-house, but the message still lands in a real mailbox or bounces back to the sender, so we need to keep in mind what is happening. The use of 'example.com' is probably best in any case.
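As an added example (not from the original post and not Magento's own code), here is a small Python audit covering both of the points above: it reads the configured placeholder domain from a config fragment and checks whether RFC 2606 actually reserves it, and it walks a list of order e-mail addresses to find the ones a mis-sent order confirmation would deliver to a stranger. The order rows, the config fragment, and the assumption that an admin-created placeholder order is simply any address on the placeholder domain are all constructed for the example; to audit a real store, feed it the customer_email column exported from sales_flat_order.

```python
"""Audit Magento order e-mail addresses and the configured placeholder domain.

Added example, not part of the original post and not Magento's own code.
Assumptions (also marked inline): SAMPLE_ORDERS is constructed data in the
shape of sales_flat_order rows (increment_id, customer_email); SAMPLE_CONFIG_XML
is a reduced fragment in the shape of the default/customer/create_account node
of Mage/Customer/etc/config.xml; a placeholder order is recognised only by its
domain matching the configured (or legacy default) placeholder domain.
"""
import re
import xml.etree.ElementTree as ET

# RFC 2606: these names never resolve on the public Internet, so mail addressed
# to them cannot reach a stranger.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}

# Magento's pre-1.6 default placeholder domain, which is a routable real domain.
LEGACY_PLACEHOLDER = "emaildomain.com"

# Constructed sample rows (assumption), shaped like sales_flat_order.
SAMPLE_ORDERS = [
    ("100000001", "jane.doe@gmail.com"),         # real customer address
    ("100000002", "234234252@emaildomain.com"),  # admin order, old default
    ("100000003", "234234253@EmailDomain.com"),  # same, mixed case
    ("100000004", "234234254@example.com"),      # admin order after the fix
    ("100000005", "not-an-address"),             # malformed row
]

# Constructed config fragment (assumption), shaped like Mage/Customer/etc/config.xml.
SAMPLE_CONFIG_XML = """<?xml version="1.0"?>
<config>
  <default>
    <customer>
      <create_account>
        <email_domain>emaildomain.com</email_domain>
      </create_account>
    </customer>
  </default>
</config>
"""


def domain_of(email):
    """Lower-cased domain part of an address, or None if it is not user@host."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", email.strip())
    return m.group(1).lower().rstrip(".") if m else None


def is_reserved_domain(domain):
    """True when RFC 2606 guarantees the domain can never receive public mail."""
    if domain in RESERVED_DOMAINS:
        return True
    return domain.rsplit(".", 1)[-1] in RESERVED_TLDS


def placeholder_domain_from_config(xml_text):
    """Read default/customer/create_account/email_domain from a config fragment."""
    node = ET.fromstring(xml_text).find("./default/customer/create_account/email_domain")
    if node is None or not node.text:
        return None
    return node.text.strip().lower()


def audit_orders(orders, placeholder_domain):
    """Bucket orders by where a mis-sent order e-mail would actually go.

    leaks_to_stranger: placeholder address on a routable domain (the bug)
    undeliverable:     address on an RFC 2606 reserved name
    customer:          any other parseable address, i.e. a real recipient
    malformed:         could not be parsed; reported so nothing is skipped silently
    """
    placeholders = {LEGACY_PLACEHOLDER}
    if placeholder_domain:
        placeholders.add(placeholder_domain.lower())
    result = {"leaks_to_stranger": [], "undeliverable": [], "customer": [], "malformed": []}
    for increment_id, email in orders:
        domain = domain_of(email)
        if domain is None:
            result["malformed"].append(increment_id)
        elif is_reserved_domain(domain):
            result["undeliverable"].append(increment_id)
        elif domain in placeholders:
            result["leaks_to_stranger"].append(increment_id)
        else:
            result["customer"].append(increment_id)
    return result


if __name__ == "__main__":
    configured = placeholder_domain_from_config(SAMPLE_CONFIG_XML)
    verdict = "safe" if is_reserved_domain(configured) else "ROUTABLE, change it"
    print(f"configured email_domain: {configured} ({verdict})")
    for bucket, ids in audit_orders(SAMPLE_ORDERS, configured).items():
        print(f"{bucket}: {ids}")
```

The reserved check deliberately matches whole names against example.com/.net/.org and only the last label against the four reserved TLDs, which is why 'invalid.com' and 'test.com' come back as routable while 'orders.invalid' does not.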
That's all there is to it. We and our customers can now rest just a bit easier tonight.
[1] Technically, the MX record for emaildomain.com does not resolve at the time of this writing, so a misplaced e-mail still won't get anywhere. That doesn't mean it couldn't, and that's what we want to prevent.
