10 Dec
2008
10 Dec
'08
4:21 p.m.
Yeah, that sounds like it should work - <student-id>@foo.com
If I were a hacker, I'd sit at foo.com or nowhere.com, and wait for the emails to come rolling in.
For fake emails, always use @example.com:
http://www.rfc-editor.org/rfc/rfc2606.txt
To keep student emails properly fake, you could also create a stub module with hook_form_alter to add a validate method to the user-edit forms. That could check that the user was either (a) a teacher or (b) their email was of the format firstname.lastname@example.com .
J-P