Require Work Email Address on Registration Discussion
Awesome Chris! Thank you so much for adding the tests.
A possible suggestion: How to start testing (from scratch) an existing app that doesn't have any tests (or test facility) set up yet.
One security concern to be aware of when implementing this type of registration system is that many support systems can be abused to receive email on a corporate domain name.
For example, when creating a support ticket with Spotify they might generate a ticket-12345@spotify.com email address for your support ticket. You could then use this email address to sign up to a service that uses the described corporate-email restriction. The confirmation email would be sent to the support ticket email address, which you then (as the original Spotify user creating the support ticket) would likely get notified of, allowing you to confirm the email address.
To protect yourself from such a hack, make sure to use a special subdomain (e.g. support.spotify.com) for this kind of support ticket email and code your corporate-email validation such that only root domains (@spotify.com) are allowed (as described by Chris).
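The check described above, as an added Ruby example that is not code from the tutorial or from the comment: the domain part of the address is compared by exact match against an allow list of root domains, so an address on a subdomain such as support.spotify.com is rejected even though it ends in the company's domain. The allow list, the class name and the sample addresses are assumptions for illustration.

```ruby
# Added example, not code from the tutorial or from the comment above.
# Validates that a sign-up email belongs to an allowed corporate root domain
# by exact match on the domain part, so addresses on subdomains such as
# support.spotify.com (which a ticketing system may hand to outsiders)
# are rejected. The allow list and sample addresses are assumed.
class WorkEmailValidator
  # Root domains accepted for registration (hypothetical list).
  ALLOWED_ROOT_DOMAINS = %w[spotify.com example.com].freeze

  # reason is one of :ok, :malformed, :subdomain, :not_allowed
  Result = Struct.new(:valid, :reason)

  def self.call(email)
    new(email).call
  end

  def initialize(email)
    @email = email.to_s.strip
  end

  def call
    # Take the domain after the LAST "@"; rpartition returns ["", "", str]
    # when there is no "@" at all.
    local, at, domain = @email.rpartition("@")
    if at.empty? || local.empty? || domain.empty? || local.include?("@")
      return Result.new(false, :malformed)
    end
    if domain.match?(/\s/) || domain.start_with?(".") || domain.end_with?(".")
      return Result.new(false, :malformed)
    end

    domain = domain.downcase # DNS names are case-insensitive
    return Result.new(true, :ok) if ALLOWED_ROOT_DOMAINS.include?(domain)

    # A subdomain of an allowed root domain is still rejected: the rule is
    # exact match, never "ends with the company domain".
    if ALLOWED_ROOT_DOMAINS.any? { |root| domain.end_with?(".#{root}") }
      return Result.new(false, :subdomain)
    end

    Result.new(false, :not_allowed)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample addresses, including the support-ticket case.
  ["alice@spotify.com", "ticket-12345@support.spotify.com",
   "eve@spotify.com.evil.io"].each do |email|
    r = WorkEmailValidator.call(email)
    puts "#{email}: #{r.valid ? 'accepted' : "rejected (#{r.reason})"}"
  end
end
```

Matching on the full domain string rather than with `end_with?("spotify.com")` is what closes the hole: a suffix check would accept both support.spotify.com and a lookalike such as notspotify.com.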