Test Email function can create bogus new contacts in Civi
In CiviMail, the "send test email" function at the bottom of the New Mailing page can create new contacts even if erroneous information is placed in it. There appears to be some validation checking of this field, but there are invalid combinations which get past this.
For example, recently a user entered the following (equivalent) text: "firstname.lastname@example.org; email@example.com" (note the semicolon and space which appears to indicate the user intended this test to be sent to two different email addresses). No email was sent, but a new contact appeared with no name and the email address set to "firstname.lastname@example.org; email@example.com" (complete with space and semicolon).
Suggestion: more appropriate validation of this field required.