JunkMail
Back to blog
Recruiters: Stop Testing Candidates with Personal Emails

Recruiters: Stop Testing Candidates with Personal Emails

Testing developers or QA engineers? Using your work or personal email to verify their deliverables is a rookie mistake. Here is how to professionalize your process.

By RH Tech Team1/19/2026

It’s recruitment season. You’re looking for that new Lead Dev or the QA Engineer who will save your roadmap. You’ve sent out a technical test: "Create a login page with a confirmation email flow".

The candidate sends back their code and says: "It’s ready, you can test it".

What do you do next? You go to their test app, and you type: firstname.lastname@your-company.com.

Stop. You just made three mistakes in a single move.

Error #1: You’re Polluting Your Primary Work Tool

You’re going to get the confirmation email. Then the welcome email. Then, if the candidate coded a 24-hour follow-up, you’ll get that too. Multiply that by 10 candidates. Your work inbox—the one where you receive contracts and emergencies—becomes a landfill for "Lorem Ipsum."

Error #2: You’re Giving Away Sensitive Data

The candidate might be very nice. But their code hasn't been audited. What if they left a log that records all emails in plain text? What if they used a MongoDB database open to the world (which happens in 50% of technical tests)? Your professional address is now circulating on an unsecured server.

Error #3: You’re Not Really Testing

Using a single address is testing the "Happy Path." But what happens if a user signs up twice? What happens if the email contains a special character? To test the robustness of a candidate's work, you need to iterate.

The "Ghost Recruiter" Method

To professionalize your tests, you need a sterile environment.

Campaign-Based Aliases

With JunkMail Business, create an alias for each open position: recruitment.fullstack.q1@junkmail.site.

The Workflow:

  1. Candidate A sends their test.
  2. You test with recruitment.fullstack.q1+candidateA@... (if you handle plus-addressing) or even better, create a dedicated disposable address via the API in 2 seconds.
  3. Verify the email receipt in the JunkMail dashboard. You can even inspect the HTML source code to see if the candidate followed deliverability best practices (DKIM/SPF).
  4. Once the hiring is closed, delete the alias.

Bonus: Test Their Automation Skills

If you’re hiring a QA Engineer, ask them to use the JunkMail API in their test to automate the sign-up validation. If they ask, "What's JunkMail?", send them the link to our documentation. If they use it and deliver a Cypress test that turns green all by itself, hire them.

Conclusion

Recruitment is a serious business that requires serious tools. Don’t mix your professional identity with the precarious test environments of your candidates.

Keep your distance. Keep control.

Need to isolate your HR processes? Explore JunkMail Business plans.