Ask HN: Good throw-away email service?

32 points by jonahx ↗ HN
Signing up somewhere, I often find myself wishing for an email that:

1. I can create instantly (as many as I want)

2. Will forward to my real email

3. Can be turned off later

4. Won't expire until I turn it off

Most temporary email services give you an expiring inbox that self-destructs after X hours. But I want to control the destruction myself.

Any recommendations for services or libraries for building this myself against my own domain?

36 comments

[ 5.0 ms ] story [ 75.2 ms ] thread
Hushmail sounds like what you want: https://www.hushmail.com/personal/features/?source=website&t...

But it costs $50 per year. You didn't mention that you want free, but I figured that I'd mention the cost. Hushmail includes some extra privacy features that you didn't ask for, but it does do the things you asked for, like the unlimited email accounts (aliases) and no expiration.

I was giving this some thought and my initial reaction was to suggest a Gmail account with +aliases, e.g. mythrowaway@gmail.com, and then use mythrowaway+whateveralias@gmail.com combined with a forwarding filter.

I then saw the 'own domain' requirement leading me to think Google Apps will let you do this (for money), and you could use a catch-all alias rather than having to use +subaddressing.

That said, if you want to use your own domain and host it yourself, you could easily do this on something as small as a Raspberry Pi with exim/postfix, and just update /etc/aliases as required.

example /etc/aliases file:

  throwaway1: realaddyaliassecret
  throwaway2: realaddyaliassecret
  throwaway3: realaddyaliassecret
  throwaway4: realaddyaliassecret
  realaddyaliassecret: myrealaddress@yahoo.com

Note that you don't need to use a 'realaddyaliassecret', it just makes life a bit easier than having to always type in your real email address. And when you're done with a throwaway, just remove the entry from your aliases file, and messages should now bounce.

Shouldn't be particularly difficult to build a nicer front end too, cli or webbased.

EDIT: all of this now has me wondering why I haven't done this for myself already, given how simple it is. Thanks for the idea!

The problem with gmail + emails is that it's well-known those are aliases, and anywhere you signup can just strip the "+xxx" part to get your permanent address.
Sorry, I may not have been sufficiently clear, you'd register a new throwaway gmail address, and then create forwarding filters based on throwaway+alias. At that point, it doesn't matter if $badsite strips the +alias and learns your email is throwaway@gmail, you're not forwarding mail sent to that address anyway.

Anyway, I'm probably going to register a throwaway domain to use for disposable email per my final suggestion, so thanks for the post!

I see. Yeah, that would work. Although the process of setting up the forwarding wouldn't be just inconvenient enough that I wouldn't use it most of the time, I think.
I have a vps that I host a few domains on. I did not want to have to deal with the email aspect, so what I did was point the DNS to a shared hosting provider I also use that gives me unlimited domains. They have a really great email operations setup so they prevent people from sending spam etc. It is important for me at least because I do not want my email address or vps ip blacklisted.
https://mailinator.com/ is an interesting option. Lots of domain names to use and you can easily point your own domain names' MX records at it. Meets (1) and (4), with the precaution that it's a "public blog" approach to email and that anyone with the address and the knowledge it is hosted at Mailinator can check recent posts to that inbox. (Which is often perfectly fine for throw-away spam inboxes.) The mailbox itself doesn't expire, but items in it will.

For (2)/(3), if you register for an account you get a semi-private inbox that you can forward to your real email, but it is a step. I think if you upgrade plans you can set-up something more automated, but the current pricing page is surprisingly light on details from what I remember.

I used a Node library to make a trivial SMTP server that just sends everything it gets to a Slack channel.

If you're interested I can publish the repo, all you need is Node or Docker and a Slack webhook URL, and preferably a domain name for your server. (The A record is fine, you don't need to setup an MX.)

I host my main email address (me@justinlardinois.com) and have a catchall set up that forwards all other usernames to me. Whenever I sign up for a service, I give them thisservice@justinlardinois.com, and if it starts getting abused I can just add that username to the list of /dev/null recipients.
ProtonMail might be up your street. It fulfils points 1-4. See: https://en.wikipedia.org/wiki/Comparison_of_webmail_provider...

As I side note, I agree that the most popular email providers are sorely lacking the friendliness that they used to have. So many of them require mobile phone activation and expire early, which is super unhelpful if you want a throw-away account.

https://throttlehq.com provides a service similar to what you're looking for. The free tier forwards daily "digests", but the paid tier will do direct forwarding using your own domain. I definitely think there's an opportunity for a similar open source self-hosted solution.
Buy a domain from Google.com/domains or transfer one in and you can setup email forwarding from the control panel for free.
gmx.com offers up to 10 email aliases at a time for free. So of you're signing up for something from which you don't want to receive emails, use one of the aliases until it starts getting spam. Then delete it and create a new one.
I have been using the free tier of Mailgun for this. http://www.mailgun.com/

I use routes and rules to create throwaways on my own domains when necessary.

I'll piggyback on this and ask what HN is using to block those pesky disposable email addresses.

I offer FREE stuff in exchange of an email address (which can be removed immediately after), but I still get disposable emails, which is kind of aggravating.

> but I still get disposable emails, which is kind of aggravating.

From the other side:

So is giving up my e-mail address to receive something, knowing I'm going to get e-mail later about other things that I don't want (a.k.a. "spam", to some people).

I run my own mail servers, though, so I just create a new alias for everything, such as these one-off "give us your e-mail and we'll give you x" offers. I generally don't delete them afterwards, though, unless and until I start receiving other unrelated e-mails. Then, they get deleted (technically: timestamped and marked inactive in the database) and after a year they "reactivate" and become spamtraps.

I'd love to ask you a couple questions about what you're looking to block. Would you jump on a quick call?
I had bad experiences with users who used disposable email addresses to register for my service. Once a user went on a public forum to complain about our support. Turned out that he used disposable email address so there was no way to reach out to him and he was not receiving alerts from our service.

Now I just have disposable email domains blacklisted. It is a cat and mouse game as new ones pop up. Once we identify such disposable domains, we disable such users account and put domain on blacklist.

Here is a list to get you started. https://github.com/ivolo/disposable-email-domains/blob/maste...

https://sneakemail.com does what you want and has been around for over 15 years. It also supports greylisting, generation of temporary email addresses based on keywords, disabling and re-enabling of temporary addresses, multiple rulesets, tweakable everything. Freemium model.
I just use /etc/aliases, and create a new alias for each service that don't fully trust not to spam me.

Alternatively you can just set up a different gmail account for each. Then just add the account to your gmail app on your android phone, and it will automatically check all the accounts.

There is spamgourmet (https://www.spamgourmet.com/index.pl). It doesn't satisfy 4 exactly, but it's pretty close. If you give out an email like 'foo.20.myusername@spamgourmet.com' (there are other domains too), then it'll forward 20 emails to the configured email for your account, but you can always log in and set it to 0 remaining at any point, regardless of how many emails have been received.
I use one of my personal domains that has catch all email setup.

So I can do a@domain.com and b@domain.com. Both will show up in my inbox.

Of all things, Outlook. It lets you create aliases that you can delete at any time.

By "alias", I mean entirely separate @outlook.com email account.

Once it's set up, you can either

- Create a rule ("Recipient contains", <new email account>) to to for example delete email sent to that account, if you don't want to lose the alias

- Delete the alias - I do NOT know if you can reregister it in future, if it gets reserved, or what happens here.

Aliases: outlook.com > Gear icon (top-right) > Options > "Create alias" - 2nd from the bottom, first section

Rules: Gear icon > Manage rules

NOTE! You can also setup forwarding w/ Outlook, but Options > "Manage forwarding" mentions "Please sign in at least once every 365 days—otherwise your account looks inactive and could be deleted."

You could easily use Gmail. Just add text to define the separate throwaway email. e.g. jane.doe@gmail.com becomes jane.doe+throwawayemail@gmail.com

When you want to turn it off just filter out the name combination you created.

Adding text: https://support.google.com/mail/answer/12096?hl=en

Filter gmails: https://support.google.com/mail/answer/6579?hl=en

I am guessing this works well if you bounce or mark as spam anything sent to the main non-prefixed email address i.e. throwawayemail@gmail.com and prefix with guids or something unguessable.
Yep. I use a similar format/method as suggested to hold multiple accounts, track lead generation and what companies do with personal data.

E.g john.doe+competitionwebsitedotcom_20160502@gmail.com