There were 3.9 billion email users worldwide in 2019, and that figure is expected to reach 4.5 billion by 2024. While that promises a bright future for email marketing, note that the numbers may include all kinds of users, including disposable email address users. What many business owners don’t know is that they need to keep an eye on such addresses and, in many cases, even keep them out of distribution lists.

In this article, we’ll dive into some of the threats disposable emails may pose and explain which of the addresses should be avoided. But let’s get into the basics first.

1. What Disposable Email Domains and Addresses Are

A disposable email domain is the domain name appended to a temporary email address. Disposable email addresses are email addresses created for short-term use (limited time or number of uses) that give users anonymity. That’s why they’re also called “temporary,” “dark,” “throwaway,” or “burner” email addresses. You can throw them away anytime you want to, like a burner phone, and they help you maintain your privacy, hence the term “dark.”

2. Why People Use Disposable Email Addresses

Many disposable email address users are not malicious, though. Some are just really keen on keeping their privacy online or preventing spam from getting into their private or corporate inboxes.

But like every tool in the world of tech, disposable email addresses have both upsides and downsides. In the business world, however, disposable email domains may have more cons than pros.

There’s a very good reason why companies that primarily rely on the freemium model don’t allow disposable and sometimes even personal email addresses for registration or subscription on their websites. Sending marketing messages to disposable email addresses almost always results in hard bounces that can negatively impact your domain reputation. Moreover, a really high bounce rate could even land you on a spam blocklist.

Things get worse if threat actors distribute phishing and other malicious emails using disposable email addresses. Threat actors are already hard to track as it is, and with the cloak of anonymity that disposable email domains provide, they’ll be even more difficult to identify and pin down.

3. Disposable Email Types

Disposable email addresses can come in three types—throwaway, alias, and forwarding email addresses.

  • Throwaway email addresses are meant for one-time use, most likely to sign up anonymously for a subscription, and then forgotten. They use disposable email domains, which we’ll tackle later on.
  • Alias email addresses use legitimate free email services like Gmail and Outlook. They are extra email addresses from the same provider people already use. Unlike their primary email addresses, though, these are solely for registration purposes.
  • Forwarding email addresses are also secondary email addresses (meaning their inboxes are rarely visited by their owners) people use for signups. Unlike alias email addresses, though, they’re from a different provider (not the same as their primary email account’s). They’re set up to forward messages to their primary email addresses.

4. Disposable Email Domains Businesses Should Avoid

Businesses need to avoid at least three types of disposable email domains—those that contain random alphanumeric characters, potential typosquatting domains (those deliberately misspelled to look like they belong to a legitimate company), and finance-related domains. Examples of these from a disposable domains feed for 15 July 2021 include:

  • Domains with random alphanumeric characters
  • Potential typosquatting or look-alike domains (including ones that contain famous brands)
  • Finance-related domains

These disposable email domains (a very small subset of the 131,920 disposable email domains in the 15 July 2021 feed we downloaded) could figure in phishing campaigns.

The random-looking domains with alphanumeric characters definitely offer their users anonymity. Since they don’t contain a specific individual’s or company’s name, no one can identify who they belong to, especially if they are used for fraud or other cybercrime.

The typosquatting domains that contain famous brands (e.g., adidas-fitness[.]eu, alfa-romeo[.]cf, and amazon-aws[.]org) could be used to fool email recipients into thinking they’re dealing with legitimate companies.

Finally, the finance-themed domains (e.g., abc-payday-loans[.]co[.]uk, 410khedgefund[.]com, and 999capaital[.]com) could lure interested borrowers or investors into dealing with fake businesses.

5. How Businesses Can Avoid Disposable Email Domains

Scrutinizing every domain you come into contact with is likely impossible to do manually, especially keeping in mind that some inboxes may get hundreds of emails a day. Multiply that by the number of inboxes in your company and that can go into the thousands. Imagine the amount of time and effort it would take to check if each one is disposable.

There are ways to automate disposable email domain checking. One is by using a Python script that automatically flags the disposable email domains in your network logs. Other tools like an email verification solution or a disposable email domain database could help users track if an email address or domain is temporary as well.
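A sketch of the kind of Python script mentioned above, added here as an example and not taken from the article or any vendor tool. The log format, the names `FEED_LINES` and `SAMPLE_LOG`, and the function names are assumptions; the three feed entries are domains the article quotes. Matching is done on whole domain labels (exact or parent domain), so subdomains of a feed entry are flagged while a look-alike such as `notamazon-aws.org` is not.

```python
import re

# Constructed feed excerpt: three domains the article quotes, in its defanged notation.
FEED_LINES = "adidas-fitness[.]eu\namazon-aws[.]org\n999capaital[.]com\n"

# Constructed log lines in a hypothetical mail/signup log format.
SAMPLE_LOG = """\
2021-07-15T09:12:01Z smtp-in from=<promo@Adidas-Fitness.EU> to=<sales@example.com>
2021-07-15T09:12:07Z smtp-in from=<alice@partner.example> to=<sales@example.com>
2021-07-15T09:13:44Z signup email=loans@mail.999capaital.com. ip=192.0.2.10
2021-07-15T09:14:02Z smtp-in from=<billing@amazon-aws.org> to=<it@example.com>
2021-07-15T09:15:30Z smtp-in from=<news@notamazon-aws.org> to=<it@example.com>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

def normalize(domain):
    """Lower-case, refang '[.]' to '.', and drop a trailing root dot."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def load_feed(text):
    return {normalize(l) for l in text.splitlines() if l.strip() and not l.startswith("#")}

def matched_feed_domain(domain, feed):
    """Return the feed entry equal to `domain` or a parent of it, else None."""
    labels = normalize(domain).split(".")
    for i in range(len(labels) - 1):      # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None

def flag_log(log_text, feed):
    """Return (line number, address, matching feed domain) for each hit."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for m in EMAIL_RE.finditer(line):
            hit = matched_feed_domain(m.group(1), feed)
            if hit:
                hits.append((lineno, m.group(0).rstrip("."), hit))
    return hits

if __name__ == "__main__":
    for lineno, address, feed_domain in flag_log(SAMPLE_LOG, load_feed(FEED_LINES)):
        print(f"line {lineno}: {address} matches disposable domain {feed_domain}")
```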

The sheer volume of disposable email domains detected each day shows an urgent need to protect networks from disposable email addresses. The types of disposable email domains discussed here and their examples are just a few of those that can pose harm to businesses. While not all of them are malicious, some could serve as cyber attack entry points.