Disposable Email Checker
Check whether an email address or domain is disposable, temporary, or throwaway. Built for developers and trust-and-safety teams screening signups.
REST API
All of UserCheck's email and domain intelligence in a fast and simple API.
$ curl https://api.usercheck.com/email/[email protected]
{
"disposable": true
}1,000 free credits each month · no credit card required.
What a disposable signup tells you
A disposable address belongs to a temporary inbox. The user receives the confirmation link, then the inbox is discarded within minutes. The address works at signup but is unreachable soon after. On a signup flow it usually points to a recycled trial, a farmed promo credit, or an account created for abuse.
The check is most useful at signup, while you can still ask for a permanent address. Once the inbox expires there's no password reset and no way to contact the account holder.
This is a disposability check, not mailbox verification. It tells you an address is throwaway, not whether mail to it would currently deliver, which is a separate problem and a different tool.
Blocking vs flagging
Blocking outright makes sense when an unreachable user has nowhere legitimate to go: paid trials, referral payouts, regulated signups. If you block, say why. A plain "please use a permanent address" beats a generic error, because some real users reach for a throwaway out of habit and switch when asked.
Flag instead when a hard block would turn away more real users than it's worth. Let the signup through, mark it, and route it: hold the trial credit, step up verification before a sensitive action, or queue it for review.
Treat the result as one input to your own policy rather than wiring it straight to a block.
Two levels of detection
Disposable addresses come in two forms, and a check that only handles the first will miss the second.
Domain-level. The entire domain exists to be thrown away: Mailinator, 10MinuteMail, Temp-Mail, and thousands of smaller services. Every address on these domains is disposable, so matching the domain is enough.
Address-level. The domain is legitimate and carries real mail, but the specific address is a throwaway created on it. A domain check clears these, so the individual address is evaluated instead. Send the full email rather than the bare domain to apply both checks.
Keeping the database current
A disposable check is a database lookup, so its accuracy depends on how current that database is. New temp-mail services launch constantly, and a blocklist that hasn't seen a domain yet won't flag it. A static list, like the ones published on GitHub, is accurate the day it ships and stale soon after.
UserCheck keeps coverage current two ways: it continuously scans the internet for new disposable and temporary email services, and it analyzes every domain submitted through the API, so live traffic surfaces the small and regional services that public lists miss. Both feed one database that updates daily.
Using it from your code
The checker above runs on the same API you'd call in production. Request an email at /email/{address} (or a bare domain at /domain/{domain}) and branch on the disposable boolean in the response: block it, flag it, or fold it into a risk score, as above. The API documentation has the full field list and examples.
Common questions
Should I block disposable signups outright, or flag them?
It depends on what a wrong block costs you. Block when an unreachable user has nowhere legitimate to go: paid trials, referral payouts, regulated signups. Flag and route the rest (hold the trial credit, step up verification, or queue for review) when a hard block would turn away more real users than it's worth. The disposable field gives you the signal; the policy stays yours.
Will this flag my legitimate Gmail and Outlook users?
No. Public providers like Gmail and Outlook are tracked as their own signal (public_domain), separate from disposable, so real users on them pass a disposable check. Aliases such as [email protected] and addresses with extra dots aren't disposable either; they all land in the same inbox.
How is a disposable address different from a relay or forwarding one?
A disposable address is a public throwaway anyone can open and abandon, like Mailinator. A relay address is a private alias, like SimpleLogin or Apple's Hide My Email, that forwards to someone's real, permanent inbox. The relay user is reachable; the disposable one isn't. UserCheck reports them separately as relay_domain and disposable.
Can you catch throwaway addresses on otherwise-legitimate domains?
Yes, that's address-level detection. When a service hands out burner addresses on a domain that also carries real mail, matching the domain alone won't catch it, so the individual address is evaluated. Send the full email rather than the bare domain to get both checks.
Will it catch a temp-mail service that launched this week?
Usually. UserCheck continuously scans for new disposable services and analyzes every domain sent through the API, and the database updates daily, so freshly launched providers tend to be known quickly. This is where a static, hand-maintained blocklist falls behind: it's accurate the day it's published and stale soon after.
Can a determined user get around a disposable check?
Yes. Someone willing to register a fresh domain, self-host a catch-all, or sign up with a real Gmail can slip past. A disposable check is built to stop the high-volume, low-effort abuse that's most of the problem, cheaply and at signup. For the rest, combine it with signals like domain age, MX records, and spam reputation. No single check is meant to catch everyone.