The most idiotic defensive method you can use is often the best for these things, since we all have those days when everything that can go wrong will be. It is better to be careful, even borderline paranoid, when a mistake can ruin your day.
Here are some ways that might work:
Impotent default configuration
An absolutely safe system is to save the SMTP server configuration for the production server on the production server and only on the production server. Your development copy will have some other SMTP configuration, for example, to verify your GMail SMTP account. Generally GMail limits 500 emails per day on regular accounts, so you will quickly reach that limit if you really messed up somehow.
Replace customer emails in the database
Another thing to consider is to clear all customer emails in your database, delete them, and replace them with mytestaccount+0000@gmail.com and mytestaccount0001@gmail.com if you really want to receive and check them using the + and subsequent content is ignored for GMail delivery, giving you unlimited potential email addresses.
As an example:
UPDATE customers SET email=CONCAT('mytestaccount+', customer.id, '@gmail.com')
You need to configure this to be any email address you want. One of the advantages of this is that you will not have a valuable list of email addresses of clients sitting on your development drive and any associated backups. To be thorough, you should probably cross hashed passwords, and just so that the database is mostly useless to potential hackers. Too many times passwords are retrieved from backups that are not properly protected.
Send Undeliverable Customer Emails
The next best approach is to add β.testβ to the end of each email message on the system that you donβt want to send so that it is hard, instead of going to your inbox.
This is basically single line:
UPDATE customers SET email=CONCAT(email, '.test')
Speeding Delivery Email
You can always include some conditional logic, for example, when you intentionally replace the recipient of an email message. This can be dangerous because there is a possibility that you can turn off this switch accidentally, but, as always, be careful.
In practice, it looks something like this:
if ($i_should_not_spam_customer_accounts_accidentally) { $mail->to = " nobody@nowhere " }
Use API Managed Service
Some email service providers have an API that can help you when testing email messages. I am a co-founder of PostageApp , and the service was designed so that you can send messages using an API key that is specifically configured to receive but not deliver emails. Other services, such as MailGun , can be used in a similar way.
No single point of failure
This is not a good feeling, being one of the logical tests from the tragedy. You have to make sure that there are a few things that should go wrong before you have a fiasco.