top of page

How To Create An Anonymous Burner Email (Guide)

How To Create An Anonymous Burner Email (Guide) | Black Hat HQ

Create An Anonymous Burner Email


For pentesting and OSINT, burner emails serve distinct purposes: registering on forums without burning your real identity, receiving phishing test responses, signing up for trial accounts, or creating sock puppet personas. Here's what actually works. Here's a guide on how to create an anonymous burner email...


The Burner Email Landscape


Type

Examples

Stays Alive

Good For

Instant disposable

Guerrilla Mail, 10MinuteMail, TempMail

Minutes to hours

One-time verification codes

Persistent free

ProtonMail, Tutanota, Mailfence

Indefinite

Sock puppet accounts, forum registration

Catch-all domain

Your own domain + wildcard

Indefinite

Full control, unlimited aliases

Email API

Mailinator (private domain), Mailgun routes

Configurable

Automated testing at scale


Level 1: Instant Disposables (No Registration)


These give you an inbox immediately. No signup. No password. Close the tab and they're gone. Good for one-shot verifications where you just need to click a link.



  • Random inbox generated on page load

  • You can choose from several domains or set a custom username

  • Emails self-destruct after 1 hour

  • No sending (receive only)

  • No persistent login — close the tab, lose the inbox


bash

# CLI access via their API:
curl -s "https://api.guerrillamail.com/ajax.php?f=get_email_address" | jq .

# Fetch inbox:
SID=$(curl -s "https://api.guerrillamail.com/ajax.php?f=get_email_address" | jq -r '.sid_token')
EMAIL=$(curl -s "https://api.guerrillamail.com/ajax.php?f=get_email_address" | jq -r '.email_addr')
curl -s "https://api.guerrillamail.com/ajax.php?f=get_email_list&sid_token=$SID&offset=0" | jq .

10 Minute Mail



  • Inbox lasts 10 minutes (extendable by 10-minute increments)

  • Cleaner interface, better for copy-pasting verification codes

  • Some sites block 10MinuteMail domains — check before relying on it


Temp-Mail



  • Multiple domain options

  • Mobile app available

  • Longer session persistence than 10MinuteMail

  • Premium tier removes ads and extends inbox life


YOPmail



  • Any address @yopmail.com exists automatically — no creation step

  • Type anything@yopmail.com into the inbox checker

  • No password. Anyone who knows the address can read it

  • Good for quick tests; terrible for anything that needs privacy


Level 2: Persistent Anonymous Email (Registration Required)


For sock puppet accounts, forum registrations, or anything needing a stable inbox over days or weeks. These require account creation but can be done entirely through Tor.


ProtonMail


https://proton.me/mail (clearnet)
https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion (onion)

  • Free tier: 1 GB, 150 messages/day, 1 address

  • Signup from Tor: ProtonMail is one of the few major providers that doesn't demand a phone number

  • If prompted for verification, use a donation email or try again from a different Tor circuit (New Identity)

  • The onion address exists specifically for anonymous signup

  • PGP encryption built in, zero-access architecture

  • Drawback: ProtonMail is increasingly flagged as a "disposable" domain by some sites


Tutanota



  • Free tier: 1 GB, 1 address

  • Encrypted, open source, German-based (GDPR)

  • Some sites block Tutanota domains

  • Generally allows Tor signup without phone verification


Mailfence



  • Belgium-based, strong privacy laws

  • Less commonly blocked than ProtonMail/Tutanota

  • Free tier: 500 MB, includes calendar and documents

  • Sometimes requires an existing email for verification, which is circular for burner purposes



bash

# Invite-only, but invites are findable on forums
# Domains: cock.li, airmail.cc, tfwno.gf, etc.
# Hosted by a single operator — reliability varies
# No PGP on server, but you control your keys
# Popular in certain communities

Riseup



  • Invite-only, activist/collective focused

  • Requires an existing Riseup user to send you an invite code

  • Strong privacy policy, has fought warrants

  • If you can get an invite, it's one of the least likely to be flagged as burner


Level 3: Custom Domain + Catch-All (Professional OPSEC)


For sustained operations where you need unlimited burner addresses that look legitimate.


Setup


bash

# 1. Register a domain anonymously
#    Use Njalla (https://njal.la) — they register domains in their name
#    and hold them as your proxy. Pay with Monero.
#    Or use Namecheap/Cloudflare with privacy WHOIS (less anonymous)

# 2. Get hosting with catch-all email
#    Any shared hosting with cPanel supports wildcard forwarding:
#    *@yourdomain.com → your-real-inbox@proton.me

# 3. Or use a dedicated email forwarding service
#    ImprovMX (free tier: 25 aliases per domain)
#    Forward Email (free tier: limited)
#    Cloudflare Email Routing (free, unlimited — but you need Cloudflare DNS)

Cloudflare Email Routing (Easiest Free Option)


bash

# 1. Point your domain's DNS to Cloudflare (free)
# 2. Enable Email Routing
# 3. Create a catch-all: *@yourdomain.com → real-inbox@proton.me
# 4. Now anything@yourdomain.com arrives at your ProtonMail

# Benefits:
# - No email server to maintain
# - Unlimited addresses
# - Domains look legitimate (not @tempmail.com)
# - You control the domain, so no provider can shut you down

# OPSEC note:
# Cloudflare sees all metadata (From, To, Subject, timestamps)
# They don't see body content (that's between sender and ProtonMail)
# For sensitive ops, this matters

On-the-Fly Address Generation


bash

#!/bin/bash
# Generate a random burner address with your domain

DOMAIN="yourdomain.com"
RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 10 | head -n 1)
BURNER="$RANDOM_ID@$DOMAIN"

echo "Burner: $BURNER"
echo "Delete after: $(date -d '+7 days' '+%Y-%m-%d')"

# Log it for cleanup tracking
echo "$BURNER created $(date -Iseconds)" >> burner_log.txt

Level 4: Email APIs for Automation


For pentests where you need to programmatically create inboxes and poll for verification emails during automated registration testing.


Mailinator (Private Domain)


bash

# Register a private domain with Mailinator
# Then any inbox is accessible via API:
curl -s "https://api.mailinator.com/api/v2/domains/private/inboxes/someuser?token=YOUR_TOKEN"

Guerrilla Mail API


python

#!/usr/bin/env python3
"""Automated burner email for verification code extraction"""
import requests
import re
import time

class BurnerInbox:
    def __init__(self):
        self.session = requests.Session()
        resp = self.session.get(
            "https://api.guerrillamail.com/ajax.php",
            params={"f": "get_email_address"}
        )
        data = resp.json()
        self.email = data["email_addr"]
        self.sid = data["sid_token"]
        print(f"[+] Inbox: {self.email}")
    
    def wait_for_email(self, timeout=60):
        """Poll until an email arrives, return the body"""
        start = time.time()
        while time.time() - start < timeout:
            resp = self.session.get(
                "https://api.guerrillamail.com/ajax.php",
                params={
                    "f": "get_email_list",
                    "sid_token": self.sid,
                    "offset": 0
                }
            )
            emails = resp.json().get("list", [])
            if emails:
                mail_id = emails[0]["mail_id"]
                # Fetch full email
                resp = self.session.get(
                    "https://api.guerrillamail.com/ajax.php",
                    params={
                        "f": "fetch_email",
                        "sid_token": self.sid,
                        "email_id": mail_id
                    }
                )
                return resp.json()["mail_body"]
            time.sleep(2)
        return None
    
    def extract_verification_link(self, body):
        """Pull the first verification link from HTML email body"""
        match = re.search(r'https?://[^\s"<>]+?(?:verify|confirm|activate|token)[^\s"<>]*', body)
        return match.group(0) if match else None

# Usage
inbox = BurnerInbox()
# Register on target site with inbox.email
# Then:
body = inbox.wait_for_verification()
link = inbox.extract_verification_link(body)
print(f"Verification link: {link}")

Level 5: Aliases for Existing Accounts


If you already have Gmail, Outlook, or similar, use built-in aliasing:


Gmail Plus Addressing


bash

# yourname@gmail.com
# yourname+anything@gmail.com → all arrive at your inbox

# Examples:
# yourname+pentest_clientA@gmail.com
# yourname+reddit_puppet1@gmail.com
# yourname+darknet_forum_trial@gmail.com

# Pro: Unlimited, no setup
# Con: The +alias is visible to recipients. They know your real address.
#      Some sites strip + from email fields

Gmail Dot Addressing


bash

# yourname@gmail.com
# your.name@gmail.com → same inbox
# y.o.u.r.n.a.m.e@gmail.com → same inbox
# Gmail ignores dots in the local part

# Less obvious than plus addressing

SimpleLogin (Now Part of Proton)


bash

# https://simplelogin.io
# Creates forwarding aliases: random.alias@simplelogin.com → your real inbox
# Free tier: 10 aliases
# Premium: unlimited, custom domains
# Open source — you can self-host
# ProtonMail acquired it, integrates directly

AnonAddy


bash

# https://anonaddy.com
# Similar to SimpleLogin, open source
# Free tier: 20 shared domain aliases
# Supports PGP encryption of forwarded emails
# Self-hostable

OPSEC Decision Matrix


Concern

Solution

Site blocks known burner domains

Custom domain (Njalla + Cloudflare)

Need to receive only once

10MinuteMail, Guerrilla Mail

Need persistent identity for sock puppet

ProtonMail via Tor

Need to send emails from burner

ProtonMail, custom domain

Need to automate (API)

Guerrilla Mail API, Mailinator

Need PGP encryption

ProtonMail, Tutanota, AnonAddy

Need to disappear permanently

Instant disposable, never reuse

Need to look like a real company

Custom domain with proper SPF/DKIM/DMARC

Payment required to register domain

Njalla + Monero

Avoid any link to real identity

Tails → Tor → ProtonMail onion signup

Need many aliases from one inbox

SimpleLogin, AnonAddy, or Gmail + addressing


Common Mistakes That Deanonymize Your Burner


bash

# DON'T: Use the same burner for multiple unrelated activities
#        If you register on Forum A and Forum B with the same burner,
#        a compromise of either links your activities.

# DON'T: Log into your burner from your real IP
#        Burner created on Tor → always check it on Tor

# DON'T: Forward burner email to your real inbox
#        ProtonMail → Gmail forwarding leaks the connection

# DON'T: Use burner with services that have your real phone number,
#        real billing address, or real IP logs from previous visits

# DON'T: Reuse a burner password on ANY other service

# DO:    One burner per identity. Identity A = email A.
#        Identity B = email B. Never cross the streams.

Enroll In Online Cybersecurity & Hacking Classes/Courses

Comments


bottom of page