Per the What’s New - September 16, 2025 and KB article 205106, Blackbaud recently started replacing the email addresses for inactive users to one that uses the email domain redacted.com. This is actually a domain owned by a former cybersecurity company named [redacted] that was founded in 2015 and is NOT a legitimate testing email. You can go to their website and see their leadership, products, news postings, etc.

Blackbaud should NOT be using email address domains that are owned by an outside company.

There are existing domains specifically reserved by the Internet Assigned Numbers Authority (IANA) for testing such as example.com. Even if [redacted] is not currently active, it does not mean that someone else couldn't register/use that domain.

Blackbaud needs to change all of the email addresses that were assigned the "redacted.com" domain to something else that is more secure and that is specifically reserved for testing (or purchase redacted.com if they intend to keep using it).