Some documentations (like IBM OpenLDAP) suggests that "@local.io" is usable for test emails.
THIS IS WRONG.
If you setup test accounts with "@local.io" email addresses on a public server, your emails will be received and will be read by a human.
If that person is a malicious actor (which he is not), he will be able to reset password and gain access to your system.
For critical email testing, use email addresses you directly control.
If you need many email addresses, consider using "default (catch-all) mailbox" that can receive all emails addressed to that domain.
example.com / example.net / example.org is usable just for documentation purposes.
Although they are owned by IANA, sending emails to them is not secure !