The notify_url setting in a Web Checkout form overrides the profile IPN URI, so if a form doesn't specify a notify_url then the profile value will be used, but if a form does specify an address then the profile value will not be used. I appreciate this is confusing because the PayPal Profile page (where you specify the default IPN address) does not mention this, neither does PayPal's own documentation.
(To further frustrate things, PayPal's documentation still has screenshots and text describing the old (2005-2015) account management pages, they still haven't updated them).
Note that despite the name "Instant Payment Notifications", the messages are not actually Instant - in my experience there is a lag time of between 15 seconds and (rarely) up to 2 minutes before my code receives an IPN message. For this reason if you really need instant notification you should also use PDT to augment your IPN handler. PDT is where PayPal's web checkout process will redirect your customers back to a custom URL with an opaque Transaction ID in the querystring, which you can use to retrieve the actual transaction details in your own code when you handle the incoming request from the returning customer.
The IPN system is now decades-old, dating back to the late-1990s - consequently its design is a bit strange, and you will, in fact, receive multiple notifications for the same transaction - but it depends on the type of transaction. This is documented in PayPal's IPN documentation, but again, they don't give you all of the details and in many cases you have to learn through trial-and-error.
For example, if it's a straight-forward Web Checkout using PayPal's own checkout pages and the customer is paying with a credit card or PayPal account balance then you'll get a single notification informing you the transaction was successful and that's it. However if a customer pays by US ACH (aka eCheck) then you will receive multiple notifications because the clearing process takes a while: you'll first get an initial notification that a payment was made, but that it hasn't cleared yet, then you'll get another notification 2-3 days later notifying you if the payment cleared successfully (and your PayPal account actually has the funds) or if it failed.
I don't personally recommend using the PayPal Sandbox for more than trivial exercises because it fails to simulate all possible scenarios in real-life, and it's a pain to set-up. How seriously you take testing depends on how critical this code is to your business.
In short, and for PayPal in particular, don't be afraid to test-in-production, and make sure your code gracefully handles unusual messages and I strongly recommend recording and saving every incoming IPN message so you can get a better "feel" for the data you can process - again, because PayPal's documentation is lacking in many areas.
