Readers
This post is about disposable email addresses and where to get them and concerns for organisations or whitehats defending their network/country. Disposable email addresses are something for which you don’t need an account. Understand you can only RECEIVE emails and cannot SEND. The service was first paid only but now you can get it for free from multiple locations. The email lasts from 10 minutes to a week.
Disposable email addresses are something that you can register on a site that you think you won’t be visiting often and may send you spam later or you want to hide your identify when registering. Depending on the person who is using the service, it can used in positive and/or negative ways.
Let’s start looking at them :
- AirMail
- Guerrilla Mail
- ThrowAwayMail
- Mailinator
- Temp Mail
- myTemp.email
- Email on deck
There are others but the mentioned ones are top hits.
As having background in Social engineering and identifying tactics that cyber criminals and/or insiders may use with regards to this disposable email, I can think of a 2 concerns.
- Partners in crime can use these for their communications rather than to worry about getting tracked and/or reveal the identity of the recipient.
- Another concern is insiders and how one can use the disposable emails to transfer data and/or for data exfiltration. Organisations should be on lookout of these channels or medium and can configure mail gateway and/or DLP to make sure no sensitive/confidential information is going out.
If you know other concerns please comment.
Lets hope the service is being used for good purpose.
There are several thousand more. https://raw.githubusercontent.com/wesbos/burner-email-providers/master/emails.txt
Thanks for this….
This is a nice list and I can see a good amount of effort that has gone into the blog. I would appreciate if you can add https://www.antideo.com to the list as well. Antideo is an API service that helps users to do a live detection of disposable email addresses and the list is auto-updated so that you always stay ahead of the curve. And the icing on the cake is that a user can make upto 5000 API calls/month for free