whatisgithub

What is disposable-email-domains?

castle/disposable-email-domains — explained in plain English

Analysis updated 2026-05-18

34Audience · developerComplexity · 1/5LicenseSetup · easy

In one sentence

A daily updated, independently verified list of the top 1,000 disposable email domains, built by Castle's fraud research team to help apps detect throwaway signups.

Mindmap

mindmap
  root((disposable email domains))
    What it does
      Top 1000 domains
      Daily automated updates
      Independently verified
    How it is built
      Website scraping
      DNS analysis
      Real abuse telemetry
    Use cases
      Signup fraud checks
      Risk scoring
      Rate limiting
    Format
      Plain text file
      One domain per line
      Sorted by abuse volume

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Check whether a user's email domain belongs to a known disposable or throwaway email service during signup.

USE CASE 2

Feed the domain list into a fraud or risk scoring system to flag suspicious account creation.

USE CASE 3

Block or rate limit signups from addresses on the list instead of hard coding your own domain blocklist.

USE CASE 4

Pull the daily updated text file automatically so your app's disposable email checks stay current.

What is it built with?

Plain text data

How does it compare?

castle/disposable-email-domains0xjbb/modulestompedahmedhazem02/fifa-world-cup-2026-prediction-agent
Stars343434
LanguageC++TypeScript
Setup difficultyeasymoderatemoderate
Complexity1/54/53/5
Audiencedeveloperdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Just fetch the plain text file over HTTP, no installation needed.

MIT license, use freely for any purpose including commercial use, as long as you keep the copyright notice.

So what is it?

disposable-email-domains is a curated list of the top 1,000 email domains that belong to disposable or throwaway email services, maintained by the research team at Castle, a company that works on account security and fraud prevention. The list is meant to help other developers spot when someone signs up using a temporary email address instead of a real one. What sets this list apart from similar public lists is how it is built. Instead of collecting submissions from the community and merging them into one large file, Castle verifies every domain independently and only adds it if it is tied to a real disposable email service that has been seen in actual abuse, such as fake signups, promo abuse, spam, or people creating many accounts at once. The team deliberately leaves out privacy focused email providers like Proton Mail or Tuta, since those exist to protect user privacy rather than to enable throwaway accounts. The result is meant to be a small, focused list rather than a sprawling one, which the maintainers say makes it easier to use without triggering false positives. To build the list, Castle scrapes websites of known disposable email providers, studies DNS records to find services that share infrastructure with providers already known to be disposable, and draws on real abuse data observed across the platforms that use Castle's fraud protection tools. The list is regenerated and committed automatically every day, so it stays current without needing manual pull requests. The repository itself is just one plain text file, disposable-email-domains.txt, with one domain per line, sorted so the most frequently abused domains appear first. Because the file is small, it can be loaded entirely into memory and checked against an email address in a single line of code. The README includes short code examples in Python and JavaScript showing how to download the file and check whether an email's domain is in the list. The maintainers are clear that this list only covers the top 1,000 domains they have observed, not every disposable email domain that exists, and that broader coverage requires their paid API. They also note that seeing a disposable domain does not automatically mean an account is malicious, and leave the decision of how strictly to act on a match, whether blocking, scoring risk, or asking for extra verification, up to whoever uses the list. The project is released under the MIT license.

Copy-paste prompts

Prompt 1
Write a Python function that downloads castle/disposable-email-domains and checks if a given email address uses a disposable domain.
Prompt 2
Show me a Node.js example that loads castle/disposable-email-domains and rejects signups using disposable email addresses.
Prompt 3
How can I schedule a daily job that re-downloads the disposable-email-domains list so my blocklist stays current?
Prompt 4
Explain the difference between hard blocking and risk scoring when using a disposable email domain list like this one.

Frequently asked questions

What is disposable-email-domains?

A daily updated, independently verified list of the top 1,000 disposable email domains, built by Castle's fraud research team to help apps detect throwaway signups.

What license does disposable-email-domains use?

MIT license, use freely for any purpose including commercial use, as long as you keep the copyright notice.

How hard is disposable-email-domains to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is disposable-email-domains for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.