You've built a great product. Users are signing up. But your analytics tell a different story — half your new accounts never verify their email, engagement is near zero, and your carefully crafted onboarding sequence is going to /dev/null. The culprit? Disposable email addresses.
What Are Disposable Email Addresses?
Disposable (or temporary) email addresses are provided by services like Guerrilla Mail, Tempmail, Mailinator, and thousands of others. They give users a working email address that expires after minutes or hours. No signup required — just visit the site, get an address, use it, and walk away.
Some popular disposable email providers:
- Mailinator — public inboxes anyone can read
- Guerrilla Mail — self-destructing addresses
- 10MinuteMail — expires in 10 minutes
- Temp-Mail — random addresses with forwarding
- ThrowAwayMail — no registration needed
There are over 5,000 known disposable email domains, and new ones pop up every week. Some even use randomly generated subdomains, making simple domain blocklists ineffective.
Why Disposable Emails Are a Problem
1. They destroy your email metrics
Disposable addresses inflate your subscriber count but never open or click. Your open rates tank, which signals to email providers (Gmail, Outlook) that your emails aren't wanted — hurting deliverability for all your users.
2. They enable abuse
Free trial abuse is the classic example. A user signs up with a throwaway email, uses your free tier, and when it expires, signs up again with a new disposable address. Rinse and repeat. You're giving away your product for free to someone who'll never pay.
3. They waste your resources
Every fake signup costs you: database storage, onboarding emails that bounce or go unread, customer support overhead, and skewed analytics that lead to bad decisions.
4. They're a fraud signal
Legitimate users use their real email. Disposable addresses correlate strongly with fraud, spam, and abuse. Blocking them is a quick win for trust & safety.
How to Detect Disposable Emails
Approach 1: Maintain your own blocklist (not recommended)
You could maintain a list of known disposable domains and check against it:
const disposableDomains = new Set([
'mailinator.com',
'guerrillamail.com',
'tempmail.com',
// ... 4,997 more entries
]);
function isDisposable(email) {
const domain = email.split('@')[1]?.toLowerCase();
return disposableDomains.has(domain);
}The problem: this list is never complete. New disposable services launch weekly. Some use wildcard subdomains (anything.tempservice.com). Some use legitimate-looking domains. You'll spend hours maintaining this list and still miss entries.
Approach 2: Use an API (recommended)
MailCheck maintains a continuously updated database of 5,000+ disposable email providers, including subdomain patterns and newly discovered services. One API call tells you everything:
curl example
curl -X POST https://api.mailcheck.dev/v1/verify \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your_api_key" \
-d '{"email": "user@guerrillamail.com"}'Response:
{
"email": "user@guerrillamail.com",
"valid": false,
"reason": "disposable_address",
"disposable": true,
"mx_found": true,
"did_you_mean": null
}JavaScript (fetch) example
async function checkDisposable(email) {
const res = await fetch('https://api.mailcheck.dev/v1/verify', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_api_key',
},
body: JSON.stringify({ email }),
});
const data = await res.json();
if (data.disposable) {
// Block signup or flag for review
return { allowed: false, reason: 'Please use a permanent email address.' };
}
return { allowed: true };
}Where to Block: Signup vs Post-Registration
You have two options, and the right choice depends on your product:
Block at signup (recommended for most apps)
Check the email during registration and reject disposable addresses with a friendly message:
app.post('/api/register', async (req, res) => {
const { email, password } = req.body;
const check = await fetch('https://api.mailcheck.dev/v1/verify', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + process.env.MAILCHECK_API_KEY,
},
body: JSON.stringify({ email }),
}).then(r => r.json());
if (check.disposable) {
return res.status(400).json({
error: 'Please use a permanent email address. Temporary email providers are not accepted.',
});
}
// Proceed with registration
await createAccount(email, password);
res.json({ success: true });
});Flag post-registration (for open platforms)
If blocking signups feels too aggressive (e.g., you're an open community), let them register but flag the account internally. Restrict features (no free trial, limited API access) until they verify with a real email.
Handling Edge Cases
- Custom domains on disposable services: Some users register their own domain and point MX records at a disposable service. MailCheck detects these by analyzing MX record patterns, not just domain names.
- New disposable services: MailCheck's database is updated continuously. New providers are typically added within days of discovery.
- False positives: Rarely, a legitimate small email provider might share infrastructure with disposable services. MailCheck's confidence scoring lets you set your own threshold.
- API downtime: Always implement a fallback. If the API is unreachable, allow the signup and verify asynchronously.
The Business Case: Real Numbers
Here's what blocking disposable emails typically does for SaaS products:
- Free trial abuse drops 40-60% — users can't endlessly create new accounts
- Email open rates increase 15-25% — your list is real people
- Support tickets decrease — fewer spam/abuse reports
- Conversion rates improve — you're measuring real users, not ghosts
For a SaaS product spending $50/month on email infrastructure, the ROI is immediate.
MailCheck detects 5,000+ disposable email providers and updates continuously. One API call, real-time results, 100 free checks per day. Get your free API key →