About 10minutemail
10minutemail provides on-demand temporary inboxes across 23 domains in our database. Tracked since 2026-04-12, the service is commonly used to bypass mandatory email signups, register for free trials repeatedly, or evade newsletter lists. The service requires no account creation and provides immediate access to a throwaway inbox. Each session typically generates a new address with a unique local part on one of 10minutemail's rotating domains, and messages received are visible in a public-style web inbox for a short retention window before being purged. From a product operator's perspective, that pattern is indistinguishable from a fake-signup attack.
Live status
Active — last seen todayMonitored via web every 15 minutes.
Sample domains operated by 10minutemail
A small sample of the 23 domains we track for this service. The complete list is available through the EmailProbe API — single integration blocks every current and future 10minutemail domain automatically.
| Domain |
|---|
my10minutemail.com |
10minutemail.be |
10minutemail.cf |
10minutemail.co.uk |
10minutemail.co.za |
10minutemail.com |
10minutemail.de |
10minutemail.ga |
10minutemail.gq |
10minutemail.info |
23 total domains tracked. Detect every one of them via the API →
Mail infrastructure
MX servers
Why people use 10minutemail
Legitimate use cases
Privacy-conscious users rely on 10minutemail when they want to interact with an unfamiliar service without exposing their primary inbox. Common scenarios include downloading a whitepaper or e-book that requires an email address, trying a SaaS free trial before committing, signing up for a one-time event or webinar, or evaluating a product before deciding whether to share real contact details. For these low-stakes use cases, 10minutemail provides a clean buffer between the user and the service. Journalists, researchers, and security professionals also use temporary inboxes when testing how a third-party service handles signups, to avoid contaminating their permanent address book with marketing lists or, in the worst case, with mail from a service that has been breached.
Abuse patterns
Bad actors exploit 10minutemail to create fake accounts at industrial scale. Typical abuse patterns include fraudulent free-trial farming where multiple accounts are created to reset a trial counter, abusing referral or sign-up bonus programs, bypassing one-account-per-user rate limits on marketplaces, creating synthetic identities for click fraud, and registering throwaway credentials for credential-stuffing attacks on other platforms. Because 10minutemail domains are publicly known and require no identity verification, they are a first-choice tool for automated account creation. The economic effect on a SaaS business is real: inflated signup metrics that mislead growth planning, support costs spent triaging fake accounts, increased risk of credential abuse on subsequent product surfaces, and contaminated retention cohorts where the denominator includes accounts that were never going to be real users in the first place.
How to block 10minutemail signups
Three approaches, ordered by accuracy:
Manual regex (least reliable)
const BLOCK = /@(10minutemail\.[a-z]{2,4}|10minutemail\.com)$/i;
if (BLOCK.test(email)) reject();Free EmailProbe API (recommended for low volume)
curl https://api.emailprobe.dev/open/v1/disposable/10minutemail.comAuthenticated API (production)
curl -H "Authorization: Bearer $KEY" \
-d '{"email":"user@10minutemail.com"}' \
https://api.emailprobe.dev/v1/validateFrequently asked questions
Is 10minutemail safe to use?
10minutemail is operated by anonymous third parties and offers no privacy guarantees. Anyone who knows the address can read incoming mail — there is no password or access control on the inbox. Sensitive data sent to a 10minutemail address, such as password reset links, financial documents, or personal identification, is effectively public. Do not use 10minutemail addresses for password resets, account recovery, two-factor authentication codes, or any communication you expect to remain private. From an operator's perspective, allowing 10minutemail addresses for high-value flows like account recovery or invoicing is itself a security risk — an attacker who guesses or pre-claims an address can intercept any messages sent to it.
Can I receive emails on 10minutemail?
Yes — 10minutemail addresses receive incoming email and display it in a public or pseudo-private inbox until the address expires or is recycled. The inbox is typically accessible to anyone who types in the address, which means it offers no real privacy. Some 10minutemail domains also accept email for any subdomain or random string, making it easy to generate effectively unlimited distinct addresses on demand. This catch-all behavior is one of the strongest signals we use to classify 10minutemail as disposable: a single MX record accepting mail for thousands of distinct local parts on hundreds of distinct domains is not how legitimate inboxes work.
Is using 10minutemail legal?
Using a temporary email service like 10minutemail is legal in most jurisdictions. However, individual sites' terms of service often explicitly prohibit disposable addresses, and using one to bypass paid-account limits, circumvent fraud controls, or inflate signup metrics can breach those terms and, in some jurisdictions, constitute fraud or computer misuse. For ordinary privacy use cases — such as downloading content anonymously — 10minutemail usage is generally permissible. For product operators on the receiving end, declining to accept addresses from 10minutemail is similarly legal and well-supported by industry practice: every major SaaS company maintains some form of disposable-domain block list, either internally or through a third-party API like EmailProbe.
How does EmailProbe detect 10minutemail emails?
EmailProbe matches addresses against 23 known 10minutemail domains plus the service's mail-server infrastructure. Detection happens at the edge in under 50ms.
Can I block all 10minutemail domains at once?
Yes — every 10minutemail domain is flagged as disposable by the EmailProbe API. A single integration blocks every current and future 10minutemail domain without a manual list.
How long do 10minutemail email addresses stay active?
Address lifetime on 10minutemail varies — some addresses are intentionally short-lived (a few minutes to an hour) while others persist as long as the user keeps the browser session open. After the retention window, incoming mail is silently discarded. For a SaaS operator, the practical implication is that any automated follow-up email (a day-2 onboarding nudge, a billing notice, a security alert) is likely to land in an inbox that no human will ever check.
Can users still verify their email if they signed up with 10minutemail?
Most 10minutemail domains do receive verification emails — that's the entire point of using one — so a plain double opt-in will not filter them out. Effective filtering requires checking the domain against a known disposable list before the verification email is sent, ideally during the signup form submission itself. EmailProbe's free API call returns a verdict in under 50ms, which is fast enough to gate signup without harming the user experience for legitimate addresses.
Why do new 10minutemail domains keep appearing?
Disposable services rotate domains continuously to evade simple block lists. 10minutemail alone operates 23 domains today, and that number grows weekly as new domains are registered or repurposed. Maintaining a static text-file blocklist means you ship code every time a new domain appears; using an API like EmailProbe means new 10minutemail domains are flagged automatically without any change on your side.