I built LettMail, which means I spend more time than is probably healthy thinking about inboxes that delete themselves. So let me start with the part most explainers skip: a temporary email is not a hack or a clever trick. It is an ordinary mail server with a timer bolted on and a script that takes out the trash. Once that clicks, everything else about it makes sense — what it is good for, where it quietly fails you, and why some sites slam the door on it.
The short version
A temporary email is a real, working address that lives for a short while and then vanishes. It receives messages like any normal inbox. You can open them, click the confirmation links inside, read the attachments. The only difference is the expiry clock. When it runs out, the inbox is wiped, every message goes with it, and the address drops back into the pool to be handed to someone else later.
You never register. You never pick a password. There is no “forgot password” because there is no account underneath it. That is the whole design goal: leave nothing behind.
What actually happens when you open LettMail
Load the page and three things happen in under a second. Your browser asks for an inbox. The server invents a random name, sticks it in front of one of our receiving domains, and registers that address with the mail server. A short-lived token comes back so your browser can poll for new mail every few seconds. From that point on, the server is simply listening for anything addressed to you.
None of this is exotic. It runs on the same SMTP that carries every other email on the planet. When a sign-up form somewhere sends its confirmation message, that mail travels the normal public route, lands on our mail exchange, and gets dropped into the short-lived store behind your inbox. The notification sound plays, the message appears, and you get on with your day.
From the other side of the server
A few things I only learned by actually running this:
The disposable part is not the inbox — it is the cleanup job. A cron task sweeps every few minutes, finds inboxes whose timers have died, and deletes them. That sweep is the single most important piece of code in the whole service. If it ever stalls, addresses stop being recycled and the whole privacy promise quietly breaks. I check it more than anything else.
Domain rotation is constant work. Spam-filter vendors publish lists of known disposable domains, and once a domain lands on one, a chunk of sign-up forms start rejecting it. So providers keep fresh domains in reserve and swap them in. That little “Change” button on the inbox is not cosmetic — it is me handing you a different domain that has not been blocklisted yet.
And because the address gets reused after it expires, whoever opens an inbox on that same address next can read whatever arrives there afterward. That is not a bug I can patch. It is the direct cost of an address that nobody owns. It is also the entire reason you should never point anything important at it.
What it is genuinely good for
Reach for a temp inbox when you need to catch one or two messages and then walk away forever:
- Reading something stuck behind a “give us your email first” wall
- Grabbing a sample chapter, a white paper, or a PDF download
- Claiming a one-time coupon or first-order discount
- Getting past a hotel or airport Wi-Fi login screen
- Testing your own sign-up flow as a developer (this is half my own usage, honestly)
- Posting once on a forum you will never visit again
I put together ten everyday situations like these if you want concrete examples. In every one of these, the site gets a real address that actually works, and your personal inbox stays clean. When that site eventually gets sold, breached, or buried in spam, the address that leaks is one that stopped existing months ago.
Where it will let you down
A disposable inbox is not a stand-in for your real email, and treating it like one will bite you. Never use it for anything you might need to get back into later:
- Banking, brokerage, anything with money attached
- Government and tax portals
- Healthcare and insurance
- Work accounts
- Any subscription you actually want to keep
- Two-factor codes for accounts that matter
The inbox will be gone long before you can reset a password or recover an account, and once it recycles, a stranger can claim that same address.
When a site refuses your disposable address
Sooner or later a form rejects your address with something like “please use a valid email.” That site is checking against a disposable-domain blocklist. It is a cat-and-mouse game: providers rotate domains, the lists scramble to catch up, and neither side ever fully wins. Three things to try, in order:
- Hit “Change” for a new address on a different domain. Often that alone clears it.
- If it still bounces, the site is screening hard. That usually tells you it wants a long-term relationship — which is exactly the kind of sign-up a disposable address is built to avoid.
- Decide whether you actually care. If you do, use your real address with an alias or a dedicated label. If you do not, close the tab. A site that hard-blocks every disposable address is making your decision easy.
Is any of this legal?
Yes. Using a disposable address to keep your inbox clean is no different from tossing paper junk mail in the bin. What is not legal is using one to commit fraud, impersonate someone, dodge a ban, or harass people. Any responsible service spells that out in its terms and acts on abuse reports. We do.
The bottom line
A temporary email is exactly what it says, and the machinery underneath is no fancier than a mail server with a timer and a cleanup script. Used the way it is meant to be used, it hands you back a small but real piece of your privacy — one habit among many that shrink your digital footprint. Next time some site demands your email just to let you read one paragraph, you have a better answer: open LettMail, copy the address, move on.