The problem with such services is, the moment they rear their heads just above the obscure line to even an iota of popularity, they get blocked, blacklisted and what not.
For those who own their own domain for emails, there are multiple ways of doing it - aliases, temporary IDs, filters, etc. Or use such services' backbone/infrastructure that can route the emails but you own the domain.
It seems to me that fewer and fewer websites actually bother to block these domains.
Even if you go through all that extra trouble to maintain a list of banned domains, the user can still just whip out a Hide-My-Email address ending in @icloud.com.
In my experience this seems to be true. For a while it seemed throw away emails were pointless to try and they would all be blocked. But over the past couple years I’ve had a lot of success using mailinator, which is probably one of the better known services which has been around for a long time.
> The problem with such services is, the moment they rear their heads just above the obscure line to even an iota of popularity, they get blocked, blacklisted and what not.
I never ran into that problem with https://temp-mail.org. They cycle domains constantly.
>I never ran into that problem with https://temp-mail.org. They cycle domains constantly.
You didn't run into that problem with temp-mail.org because you happen to use them on websites that don't bother blocking disposable email addresses -- or -- they do try to block them but use simplistic domain name checks.
But cycling domain names isn't enough to fool the more sophisticated disposable/throwaway email address detectors (especially the paid services) because they use extra heuristics of checking DNS MX records ip addresses.
E.g. temp-mail.org assigned the following random addresses "bob531@mcatag.com" and "alice8224@javnoi.com". Both of those domains are easily detected as throwaway emails because they both share the same MX ip 24.199.65.21 :
On the other hand, the "@mcatag.com", "@javnoi.com", etc used by temp-mail.org is good enough to get past the websites that copy&paste the code from these StackOverflow answers that just use simplistic string matching : https://stackoverflow.com/questions/10976706/how-to-block-di...
It all depends on how much effort and cost the websites want to put into blocking disposable email addresses.
https://temp-mail.org/ Is one of the harder ones to block. The use unique domains with unique Mx records and cycle through ip addresses. All seem to be on digital ocean though
> We do not share, sell, or disclose any personal information or email content to third parties, except as required by law or as necessary to protect our rights, property, or safety.
This policy claims to protect your privacy but allows them to share your data broadly, including with anyone they see fit to protect their own interests, effectively offering no real privacy guarantee.
> They're not going to protect your privacy to their detriment. They’re running a business, they’re not martyrs.
Fine, then they shouldn't profess their faith.
- Home page, second line: Privacy friendly
- Second site page: Privacy
Claim: “At Email.ML, we value the privacy of our users and are committed to protecting their personal information.”
If what they mean is security, since they are not committed to protecting privacy, they should just say security. Security can be a fine selling point without the newspeak.
Translated claim in ‘oldspeak’:
“At Email.ML, we claim to value your privacy, but we will share your personal information whenever it suits our interests or legally required.”
The github icon on the site directs to the author’s own page, and I couldn’t find any repository for the site, which makes me curious why do they even put the github link? Just for a follow?
Yeah, I was going to say it’s an awesome work but I looked around trying to find the repo.. and nothing was there. What’s the point of mentioning it runs on CF when you don’t provide the repo? This is just another SaaS
I guess using a .ml domain is okay for something that explicitly needs to work temporarily, but since the freenom scandal I wouldn't trust such domains.
Any generic use of a ccTLD gives me the ick. It’s one thing to use one for your low-impact personal site, quite another to use one for your email address.
I had high hopes for 1Password's integration with Fastmail and their masked email feature. Unfortunately I've seldom had it work properly and 1Password never prompts me to create a masked email when creating a new account for something.
My suspicion that the 1P extension is only as bright as the markup in the page, so <input type=text name=login> you get nothing, <input autocomplete=email type=email name=login> and the extension starts to behave well. Now a reasonable person could certainly wonder why the hell they don't offer "generate masked email" right next to their existing "generate password" but I have long since given up trying to understand the mysteries of 1P product management
Readit News
For those who own their own domain for emails, there are multiple ways of doing it - aliases, temporary IDs, filters, etc. Or use such services' backbone/infrastructure that can route the emails but you own the domain.
Even if you go through all that extra trouble to maintain a list of banned domains, the user can still just whip out a Hide-My-Email address ending in @icloud.com.
I never ran into that problem with https://temp-mail.org. They cycle domains constantly.
You didn't run into that problem with temp-mail.org because you happen to use them on websites that don't bother blocking disposable email addresses -- or -- they do try to block them but use simplistic domain name checks.
But cycling domain names isn't enough to fool the more sophisticated disposable/throwaway email address detectors (especially the paid services) because they use extra heuristics of checking DNS MX records ip addresses.
E.g. temp-mail.org assigned the following random addresses "bob531@mcatag.com" and "alice8224@javnoi.com". Both of those domains are easily detected as throwaway emails because they both share the same MX ip 24.199.65.21 :
- https://verifymail.io/domain/mcatag.com
- https://verifymail.io/domain/javnoi.com
On the other hand, the "@mcatag.com", "@javnoi.com", etc used by temp-mail.org is good enough to get past the websites that copy&paste the code from these StackOverflow answers that just use simplistic string matching : https://stackoverflow.com/questions/10976706/how-to-block-di...
It all depends on how much effort and cost the websites want to put into blocking disposable email addresses.
Dead Comment
This policy claims to protect your privacy but allows them to share your data broadly, including with anyone they see fit to protect their own interests, effectively offering no real privacy guarantee.
Fine, then they shouldn't profess their faith.
- Home page, second line: Privacy friendly
- Second site page: Privacy
Claim: “At Email.ML, we value the privacy of our users and are committed to protecting their personal information.”
If what they mean is security, since they are not committed to protecting privacy, they should just say security. Security can be a fine selling point without the newspeak.
Translated claim in ‘oldspeak’:
“At Email.ML, we claim to value your privacy, but we will share your personal information whenever it suits our interests or legally required.”
And judging by the number of free one year identity theft protection plans I've racked up, they don't.
Deleted Comment
most probably the three offered by the one shared by OP will have a similar fate.
Edit: didn't realize that was you.
Dead Comment