Disposable email addresses (DEA) — also called one-time, throwaway, or temporary emails — come from services that hand out a mailbox that self-destructs in minutes. People use them to clear a sign-up form without ever giving a real address, which is exactly why they cluster around fraud registrations and trial abuse.
Why a static list is not enough
The hard part is that the list of disposable domains is never finished. Temporary-mail providers spin up new domains constantly to stay ahead of blocks. A blacklist you hand-curated last month is already out of date, and those gaps are exactly where the newest throwaway domains slip through.
Automatic, multi-source downloads
CleanContact treats the disposable-domain blacklist as something to refresh, not maintain by hand. The service pulls domain lists automatically from several independent DEA sources on a schedule. Each source is just a published, newline-separated list of known disposable domains:
# example disposable-domain source
mailinator.com
guerrillamail.com
10minutemail.com
temp-mail.org
throwawaymail.comA scheduled job runs the sync across every configured source:
- It downloads each source and normalizes the entries — lower-cased, with comments and blank lines stripped.
- Domains are de-duplicated across all sources into one combined blacklist, so overlapping lists never create duplicates.
- New domains are added automatically as the sources publish them; nobody edits the list by hand.
- An operator can also trigger an immediate refresh of any single source on demand.
Because the coverage comes from several lists at once, a domain that one source misses is usually caught by another — so the combined blacklist stays broad and current on its own.
How it is used during validation
When an address arrives, the very first thing CleanContact checks — before any MX lookup, SMTP handshake, or provider-specific probe — is whether its domain is on the disposable blacklist. A match is decisive:
- The address resolves straight to Bad, with a detail noting the disposable domain.
- No SMTP connection is opened, so the check is instant and costs nothing downstream.
- Fraud and trial-abuse sign-ups on throwaway domains are stopped at the door.
The result is a cheap, always-current first line of defence: one-time addresses are filtered out before they can pollute your database, and the blacklist that does it keeps itself up to date.