Disposable Email API: Detect Temp Emails in 3 Lines of Code

Your signup form looks healthy. Hundreds of new users every week. But conversion to paid is flat. Support tickets reference accounts that never respond. Your onboarding emails bounce or vanish into the void.

The culprit is usually disposable email addresses — temporary inboxes from services like Guerrilla Mail, Temp Mail, and Mailinator that let anyone create a throwaway address in seconds. These addresses work long enough to get past your email confirmation step, then self-destruct.

A disposable email API catches these addresses at the point of entry — during signup, before the fake account ever touches your database. This guide shows you how to integrate one in under five minutes.

Why Use a Disposable Email API

Maintaining your own blocklist of disposable email domains is a losing battle. New temp mail services launch weekly, existing ones rotate domains, and the list of known disposable domains now exceeds 200,000. Hardcoding a few hundred domains into your validation logic catches maybe 10% of them.

A dedicated disposable email checker API gives you:

• A continuously updated database — EmailProbe tracks 202,686+ disposable domains, synced from 9 open-source lists and 17 live provider monitors every 15 minutes.
• Multi-signal detection — Domain blocklist alone misses new services. The API cross-references mail server infrastructure and known disposable IP clusters to catch domains that haven't been blocklisted yet.
• False positive prevention — A whitelist of 190 legitimate free providers (Gmail, Outlook, Yahoo, ProtonMail, etc.) ensures real users are never blocked.
• A single HTTP call — No DNS lookups, no regex maintenance, no blocklist updates. One request, one response, one boolean.

Quick Start: 3 Steps to Detect Disposable Emails

Step 1: Get your API key

Sign up at app.emailprobe.dev/signup.html. You get 2,500 free validations per month. No credit card required.

Your API key will look like ep_live_abc123.... Keep it in an environment variable — never commit it to source control.

Step 2: Make a request

Send a POST to /v1/validate with the email in the request body:

curl -X POST https://api.emailprobe.dev/v1/validate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "test@tempmail.com"}'

Step 3: Handle the response

The API returns a JSON object. The field you care about most is is_disposable:

{
  "email": "test@tempmail.com",
  "domain": "tempmail.com",
  "verdict": "disposable",
  "score": 95,
  "is_disposable": true,
  "is_free_provider": false,
  "syntax_valid": true,
  "has_mx": true,
  "request_id": "req_abc123"
}

If is_disposable is true, reject the signup or flag it for review. That's it — three steps.

API Endpoints

EmailProbe exposes four endpoints. All authenticated endpoints require the Authorization: Bearer YOUR_API_KEY header.

Code Examples

cURL

curl -X POST https://api.emailprobe.dev/v1/validate \
  -H "Authorization: Bearer $EMAILPROBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "someone@guerrillamail.com"}'

JavaScript (Node.js / Browser)

const response = await fetch("https://api.emailprobe.dev/v1/validate", {
  method: "POST",
  headers: {
    "Authorization": "Bearer YOUR_API_KEY",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ email: "someone@guerrillamail.com" }),
});

const result = await response.json();

if (result.is_disposable) {
  // Block signup or show warning
  console.log("Disposable email detected:", result.domain);
} else {
  // Proceed with registration
  console.log("Email looks good. Verdict:", result.verdict);
}

Python

import requests
import os

response = requests.post(
    "https://api.emailprobe.dev/v1/validate",
    headers={
        "Authorization": f"Bearer {os.environ['EMAILPROBE_API_KEY']}",
        "Content-Type": "application/json",
    },
    json={"email": "someone@guerrillamail.com"},
)

result = response.json()

if result["is_disposable"]:
    print(f"Blocked: {result['domain']} is disposable (score: {result['score']})")
else:
    print(f"Allowed: {result['verdict']}")

Understanding the Response

Here is what each field in the validation response means:

• email The normalized email address you submitted. Lowercased, with alias suffixes (e.g., +test) preserved.
• domain The domain portion extracted from the email address.
• verdict One of deliverable, disposable, risky, or unknown. Use this for human-readable decisions.
• score Risk score from 0 (safe) to 100 (definitely disposable). Scores above 80 are almost always disposable. Scores between 40-80 warrant manual review.
• is_disposable Boolean. true if the email is from a known disposable or temporary email service. This is the primary field for automated blocking.
• is_free_provider Boolean. true for legitimate free email providers like Gmail, Yahoo, or Outlook. Useful for B2B apps that want to flag non-work emails.
• syntax_valid Boolean. true if the email passes RFC 5321 syntax validation. Always check this before trusting other fields.
• has_mx Boolean. true if the domain has MX (mail exchange) records configured. A domain without MX records cannot receive email.
• request_id Unique identifier for this request. Include it in support tickets for faster debugging.

Free Open API

If you want to test the API without signing up, or you need a client-side disposable domain check, use the open endpoint:

curl https://api.emailprobe.dev/open/v1/disposable/tempmail.com

Response:

{
  "domain": "tempmail.com",
  "is_disposable": true
}

This endpoint only does a domain-level check. For full email validation (syntax, local-part analysis, risk scoring), use POST /v1/validate with authentication.

Rate Limits and Pricing

The free tier is built for real usage, not a crippled trial:

• Free plan: 2,500 validations per month, 60 requests per minute. Full access to all detection layers. No credit card.
• Open API: 10 requests per day per IP. No auth needed.

When you exceed your limit, the API returns HTTP 429 with a Retry-After header indicating when you can resume. No data is lost and no charges are incurred.

Paid plans are coming soon with higher quotas (10K to 250K validations/month), batch validation, webhooks, and team access. See the pricing page for details.

Error Handling

Every error response follows a consistent structure. Your integration code can always expect this shape:

{
  "error": "Rate limit exceeded",
  "code": "RATE_LIMITED",
  "request_id": "req_xyz789"
}

Common error codes you should handle:

• 400 — Invalid request body. The email field is missing or the JSON is malformed.
• 401 — Missing or invalid API key. Check your Authorization header.
• 422 — Validation failed. The email address has invalid syntax (e.g., no @ symbol).
• 429 — Rate limited. Back off and retry after the duration in the Retry-After header.
• 500 — Server error. Retry with exponential backoff. If it persists, contact support with the request_id.

Always check the HTTP status code before parsing the response body. A well-behaved integration handles every status code above:

const response = await fetch("https://api.emailprobe.dev/v1/validate", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.EMAILPROBE_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ email }),
});

if (!response.ok) {
  const err = await response.json();
  if (response.status === 429) {
    const retryAfter = response.headers.get("Retry-After");
    // Wait and retry
  }
  throw new Error(`EmailProbe error: ${err.code} - ${err.error}`);
}

const result = await response.json();

Next Steps

You now have everything you need to block disposable emails from your signup flow. Here is where to go from here:

• Get your free API key — 2,500 validations/month, no credit card.
• Try the API playground — test any email address interactively without writing code.
• Read the full documentation — batch validation, webhooks, SDK libraries, and advanced response fields.
• Signup flow integration guide — step-by-step walkthrough for React, Next.js, and Express.

If you run into any issues, include the request_id from the API response when you contact support. It links directly to the request logs and lets us diagnose problems fast.