Failing to Use example.com in Examples is Just Asking for Trouble
The domain example.com was created way back when in the early days of the web specifically for use in examples. It was recognized quite early on that putting arbitrary domains into the examples commonly included in documentation is just asking for trouble. It is a potential vector for confusion at best, and at worst for attacks against those who use the applications in question. What follows is an example of something that actually happened, with the details lightly fabulized to protect the innocent and the guilty alike.
Once upon a time a company provided a software as a service (SAAS) suite of web applications, used by other customer companies in order to provide features and functionality to their end users, floating somewhere out there in the internet. Who among us has ever seen an end user? Nonetheless, we all provide for their existence. These customer companies could configure many aspects of the end user experience, using XML or JSON documents, and among the items that could be configured were numerous URLs, appearing in various prominent and not so prominent places in the applications.
Now, it so happened that this SAAS suite was very large and very complicated, and the documentation was equally so. Thus it was in a perpetual state of update, much like the eternal painting of a certain Bay Bridge. By the time the small group of documentation elves finished the last item to be updated, years had passed since the beginning of that task, and it was time to start over again. This meant that there were some truly ancient areas in these documents, materials put together back in the halcyon startup days, or later, in haste, by those who did not take as much care as they might. Among the configuration examples, where URLs were needed, were to be found snippets of XML and JSON that contained such gems as replacewithyourcompanyname.net. There they sat, just waiting for an inattentive customer to cut and paste too eagerly.
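A check the documentation elves might have run over their snippets, added here as an example and not part of the original tale: it reports every URL in a block of XML or JSON whose host is not a name reserved for documentation. The function names and the sample snippet are constructed for illustration; the reserved names are those listed in RFC 2606 and RFC 6761.

```python
import re
from urllib.parse import urlsplit

# Names reserved for documentation and testing (RFC 2606, RFC 6761).
RESERVED_DOMAINS = ("example.com", "example.net", "example.org")
RESERVED_TLDS = ("example", "test", "invalid", "localhost")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_reserved_host(host):
    """True only if host is a reserved name or a subdomain of one."""
    host = host.lower().rstrip(".")
    if host.rsplit(".", 1)[-1] in RESERVED_TLDS:
        return True
    # Match on a label boundary, so a reserved name used as a prefix of
    # some other domain is not mistaken for a reserved name.
    return any(host == d or host.endswith("." + d) for d in RESERVED_DOMAINS)


def find_unreserved_hosts(text):
    """Return (line_number, host) for every URL host that is not reserved."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            try:
                host = urlsplit(match.group(0)).hostname or ""
            except ValueError:  # malformed URL: report the raw text instead
                host = match.group(0)
            if not is_reserved_host(host):
                findings.append((line_no, host))
    return findings


# Constructed sample: an XML and a JSON snippet as they might sit in a manual.
SAMPLE_DOC = '''\
<portal>
  <helpUrl>https://replacewithyourcompanyname.net/help</helpUrl>
  <logoUrl>https://cdn.example.com/logo.png</logoUrl>
</portal>
{"termsUrl": "http://example.com.replacewithyourcompanyname.net/terms",
 "loginUrl": "https://login.example.org:8443/sso",
 "testUrl": "http://portal.test/"}
'''

if __name__ == "__main__":
    for line_no, host in find_unreserved_hosts(SAMPLE_DOC):
        print(f"line {line_no}: {host} is not a reserved documentation name")
```

Run over the documentation source as part of its build, a non-empty result is reason to stop and fix the snippet before it is published.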
Some years passed, and lo and behold, this happened to a certain major corporate entity, one of the very backbones of modern ephemeral commerce. The configuration was processed and the very next day, amidst the pages indexed on the public internet, were thus to be found many links to these errant example domains. The malignant bots that constantly scour the internet in search of such errors found them immediately, registered these domains, and pointed them to dismal, rotting web servers infested with vile malware. Little else is to be expected from those that lurk in the darker places.
As might be expected, much was made of this following the next audit carried out by the security gnomes of the major corporate entity. This was somewhat more than a year and a day later, for such audits have long been declared important enough to be carried out with great fanfare and most infrequently. Much was made of this failure and the malicious advantage taken of it, despite the fact that no one could find a specific instance of harm - for who talked to their end users in that day and age? The harms no doubt occurred, and might even have been quantified were there the motivation to dust off the logs and count the appropriate entries. Be that as it may, the actual consequence of note to those involved was that certain contracts were shorn of the glimmering magic of profit, and there were narrowed eyes across the sales tables and among circles of executives for a good long time thereafter.
Certainly, further, the documentation elves were steered from their allotted schedule to purge all inappropriate domains from all documentation, and replace them with