Using the TempMail Plus API

TempMail Plus was designed to be backwards-compatible with the existing API. Learn how to use it here!

The TempMail Plus features are designed to be backwards compatible with the existing API; that is, you should not have to change any code to get your setup working.

Generating Emails

First, support for our libraries will come in future updates. To generate an address using your TempMail Plus account for higher rate-limits, include the following headers:

  • X-BananaCrumbs-ID this will include your 24-number BananaCrumbs ID.
  • X-BananaCrumbs-MFA this is your (about) 36 character MFA token that was included with your BananaCrumbs ID.

Once these headers are sent inside the request, you should receive a normal email and token! Note that while TempMail Plus inboxes do last for up to ten hours, you will have to check it every ten minutes to ensure it does not get erased early.

There are some common errors that may occur if you enter the wrong information. The error is displayed inside the JSON information when the API returns data.

Custom Inboxes

Custom inboxes are not tied to your BananaCrumbs ID. Simply having an ID is enough to use custom domains. They still use the same system that has been in place before, but requires the two HTTP headers as mentioned in the Generating Emails section of this article.


When it comes to setting up your program using our API, we can help through our Discord Server. For questions regarding billing, purchases, etc., please find our email on our contact page.


Thank you for reading! You can check out TempMail Plus at the following link:

Upcoming Updates for TempMail

See some of the upcoming features for TempMail in this article!

1,200,000 emails and 500 hourly inboxes are incredible numbers! With the growth of the website, I would like to make some additions to further help people with their privacy in using TempMail.

These features will be added during November of this year through February of next year. They will not be added in any particular order, though.

Desktop App

While navigating to the website is easy, a desktop app can save a few clicks. The desktop app will be available to download on Windows, Mac, and Linux-based systems in the upcoming month.

POP3/IMAP Support

This has been planned for a while. Our customized protocol is not compatible with others; however, we plan to add support for POP3/IMAP soon as well. The intended design will allow users to sign in with the temporary email with the token as the password, instead of using HTTPS with our own protocol.

More Language Support

English is one of the most common languages; however, a great deal of our traffic comes from outside English-speaking countries. We will add multiple language support for the website. Our app, AnonyMail, already supports a few languages!

More (Programming) Language Support

We plan to create more libraries for more programming languages. As of now, we have one for JavaScript, Java, and Python, which are the most commonly used languages for scripting. Our next target languages include Rust, C, and Go.


Thank you to everyone who has used the website so far, and to those who will use it in the future! If you have any questions, feel free to write a comment below.

Major Updates for TempMail

We’ve released one of our biggest updates yet. This update includes custom domains, public domains, and more! has been running for almost a year since it started as Exploding Email. In that time, we’ve made a lot of changes to the website. In this article, we’ll go over some of the major changes that have been made recently.

Custom Domains

While this used to be a feature of Exploding Email, it has been added back into TempMail with a great implementation. You can now choose if you want your custom domain to be private (that is, only you can access it), or public (anyone can make Alternative Emails through your domain).

Private Domains

With private domains, you are given a token to “login” to the domain to retrieve emails. This prevents random people from reading the emails on your domain. Note that private domains can only store up to five emails across the entire domain before needing to be emptied by getting the emails (earliest emails are stored).

Public Domains

Public domains are a bit different: they are put into the pool of Alternative Domains, so people can generate emails with your domain, helping to avoid TempMail detection. If you have a spare domain you are not using, consider adding it!

Overview of Custom Domains

Overall, custom domains will help everyone. Private custom domains are currently in beta and are free during this period, they may be behind a subscription-based service in the future. Adding public pool domains will always be free.

Custom domains have also been added to the API. Support for custom domains will be added to libraries within the upcoming weeks.

API Changes

You can now choose a domain you want to generate! This allows you to choose from any existing default/alternative domains. Here’s an example:


This will generate an email at the domain you specify (in this case,


As September starts, we have added more features to the website while keeping the core principle of the website the same, a temporary email generator. If you just use the normal website with its .com domains, nothing will change. Alternative emails will be getting a larger pool of domains to pick from, which will help avoid detection.

Looking ahead, we plan to add even more features, such as support for the POP3 protocol, bigger storage for private domains, and more!

Lastly, we’ve processed 520,000 emails! This number is insane, and we hope it will continue to grow as more people use our service. Spread the word, and bookmark our site! If you have any questions, suggestions, or just want to talk, join the Discord server below!

Introducing Alternative Domains for TempMail

Introducing our new feature: alternative domains! Alternative domains allow you to generate emails that bypass certain website restrictions.

Ever tried to signup for a website using one of our domains but have had it fail? Thankfully, we are introducing something new: alternative domains.

Alternative domains allows you to use less common website endings (such as .cfd, .lol, and .shop). These endings are much cheaper than common endings (such as .com, .net, or .org), but may not work as reliably as common endings.

What does this mean for me?

If you use the regular domains, nothing will change. The website will still function the same way it has.

How do I use it?

Simply toggle the switch on the homepage under the Copy and Regenerate buttons.

If you do not see the switch, hold Control and click F5 on your keyboard to reload the page.

Developers: does this break the API?

No. For the API, the /generate endpoint will still work. If you wish to generate alternative emails, please use the /generate/rush endpoint instead. This will be added to TempMail APIs in the following weeks. Alternative domains are on the same rate-limit as normal domains (30/minute).


Thank you to everyone who has used the website so far! We are approaching 300,000 emails received and have around 200 hourly active users. We hope this addition to the website will help people get around websites censoring our email addresses.

My Take on GitHub Copilot

GitHub Copilot is one of the most practical uses of AI; however, it has some key disadvantages.

GitHub Copilot is one of the most advanced and practical uses of artificial intelligence that I have seen. I started using it around the middle of 2021 and have been ever since; however, I have noticed that it has changed throughout this time, and for the better, too.

What is Copilot?

Copilot is an Artificial Intelligence trained on public code using the OpenAI Codex engine. It is able to complete code you write, turn comments into code, and even write code based on the name of a method.

Is Copilot free?

During the technical preview of Copilot, it is free to use once you have been accepted. You can signup for the waitlist here, it took around one week for me to get in.

After the technical preview, GitHub Copilot will be free for students and verified open-source projects, while requiring a subscription for other users. According to their plugin page:

Once GitHub Copilot is generally available, it will require a subscription. It will be free for verified students and maintainers of popular open source projects on GitHub.

There is no posted cost for the subscription as of now.

As of July 2nd, the cost for a subscription is $10/month, and if you pre-pay for a full year, it is $100

My thoughts on Copilot

I think it is amazing to see practical uses of Artificial Intelligence. Having AI write code is going to help write even better AI in the future, and with the GPT-4 engine coming out in the near future, it will soon be able to write code on-par with any person.

This comes at a cost though. Depending on the cost of a Copilot license, companies can hire less experienced developers and give them Copilot to write their code. People have been saying this for a while now, but I think that companies may be skeptical to adopt this new technology.

According to their FAQ, GitHub states that 0.1% of the suggestions will be directly from training:

We found that about 0.1% of the time, the suggestion may contain some snippets that are verbatim from the training set.

This could create problems with code under attribution-based licenses, or worse, proprietary licenses that do not allow you to redistribute the code. It is unlikely that Copilot would take the blame for any copyright infringement.

There is a video on YouTube by Engineer Man that covers some of these points in detail, it is well worth the watch:

Of course, using Copilot is going to help save you time, and if you are an experienced developer, it will not be as big of a crutch. The problem comes when people who are new to coding use it; for example, students who are just learning to code may use it without actually understand what the code that Copilot wrote is actually doing.

Writing your own code, making mistakes, and improving from those mistakes is the way I—and many others—learned to code. My concern is that this can be used for cheating in assignments, and when it comes to actually writing code for a test where students do not have access to Copilot, they likely will not be able to do so.

Does this mean you should not use Copilot?

Depends. If you are an experienced developer, I would say that it is fine, as long as you actually understand what Copilot is writing and can write it yourself without Copilot. If you are new to programming or somewhat proficient, I would suggest not using it, as you will become dependent on it.

My experience with Copilot

I’ve used Copilot for a while, and for new projects that I start on, Copilot can be a distraction. Granted, my IDE has a keyboard shortcut to disable/enable Copilot, it can be distracting when you’re thinking about how to write something and a block of code appears before you. Your attention is diverted to the code Copilot wrote, and if it is not what you want, it wastes time.

In this example, I wanted to make it so that four specific items were removed from local storage. Since Copilot does not seem to notice the code below where the completion suggestion is, it does not know the fields I want to remove.

Code in cyan is Copilot

For this, clearing all of local storage would be bad, as there are other things that need to be stored besides those four variables.

Copilot has been useful in other ways though. For this website,, I used Copilot to help write some of its code. In particular, getting certain Unicode characters in HTML form can take time, whereas Copilot can do that in just a few seconds.

Code in cyan is Copilot


Even the name of the service, “GitHub Copilot”, is enough to say that it is not something to write code for you, but rather to assist you in writing code, or to be your… copilot… get it?

While I will use it occasionally to help with writing tedious code, it does not mean you should as well. Look at the code Copilot produces, could you have written that code yourself without looking it up online? If not, maybe you should wait to use Copilot.

If you have any questions, feel free to email me: [email protected] (public key here). I am also on Session if you want to talk directly.

See if your Email Client is Leaking your IP Address

Email is used every day, but did you know your email client may be leaking your IP address? Here, you can tell if your email client is leaking your personal IP address.

Email is used every day, but did you know your email client may be leaking your IP address? Here, you can tell if your email client is leaking your personal IP address.

First, thanks to macvk for making this test open-source. You can click the button below to generate an email, then email it to determine if your email client is leaking.

Your IP address:
Start Test

What if my client is leaking?

Update your existing mail client. If no update is available, download a new one. For Windows and MacOS users, the default mail app works well.

If you use an online Email provider, such as Gmail, you do not need to worry about your IP leaking, as long as you use the official Gmail website.

I tested several email clients that allow you to connect a Gmail account, and some leaked. If you want to ensure no-one gets your IP address, use the official Gmail client.


Stay safe! If someone does get your IP address, it isn’t the end of the world. There’s… not much they can do with it, besides get your internet provider and the city you live in.
Simply, you can unplug your router, wait 30 seconds, and plug it back in. Chances are that your ISP will have assigned your router a new IP address since it disconnected.

If your ISP assigns static IP addresses, contact them on how to change it, make sure to note your IP address before and after you unplug, as certain areas will only have IP addresses that are off by one or two digits.

This test made available from vpn-leaks-test by macvk, licensed under the GPLv3 License.

The TempMail Python API is out!

Want to use the TempMail API using Python? Try our easy-to-use library built for Python!

Ever wanted to interact with the API using Python but didn’t want to use raw HTTP requests? Well now we got your back.

First off, I would like to say thank you to Alex Torres for making the Python library. You can view the code here, feel free to contribute!

Important – read before using

The API has a few limitations:

  • You must use the token to check for emails within 10 minutes of the last check or the creation of the inbox, otherwise it is deleted.
  • Inboxes expire after 1 hour.


Use the pip command to install the library:

pip install tempmail-lol

Example Usage

from TempMail import TempMail #imports everything from TempMail library
import time #import time module

inbox = TempMail.generateInbox() #returns an Inbox object with Email and Token

print("Email Address: "+ inbox.address) #View output below
print("Authorization Token: "+ inbox.token)

    Email Address: [email protected]
    Authorization Token: RCfc1og1z1JzuN1mkXL2eFdAc_8uxSRAwcGhUoXuH26e7nnJMdVVtSxxasZLD9D2OHTKIjVEvLhK7S0K5QIanA

while(True): #Infinite Loop
    emails = TempMail.getEmails(inbox) #Returns list of Email objects
    print(emails) # View output below
    time.sleep(30) #wait 30 sec

    [Email ([email protected], [email protected], 
            subject=Subject line, body=Text Area, html=<div dir="ltr">Text Area</div>, 
            date=1652824961713 )]


Thanks again to Alex Torres for making the API. If you found it useful or have any suggestions, feel free to ask on GitHub. Let us know what you end up creating!

How to use the TempMail API

Want to use the API? Now you can! Check out our pre-made libraries or use the raw API.

Thank you to everyone who is using the website. If you are a developer, you can use our API on your own platforms (as long as it isn’t your own TempMail site)!

The API for is under the GNU AGPLv3 License.


As of now, we have libraries for the following languages:


Do we not have a library for your language yet? Feel free to reach out to me via email: [email protected] if you want your library added. In the meantime, you can use the raw API via HTTP requests to access our services.

The base URL should be stored as a constant. It is

There are two endpoints currently. First, to generate emails, the /generate endpoint. Upon successfully generating an email, the server will return the following data:

    "address": "[email protected]",
    "token": "token_to_check_for_emails"

Afterwards, use the token to check for new emails.


Inboxes expire after one hour, there is no avoiding this. If you do not check for new emails within 10 minutes of last check (or inbox creation) it will be deleted early.

To use the token to check for emails, GET the following endpoint: /auth/<token>

If you get an email (or multiple emails), you will be returned an array of email objects:

    "email": [
            "from": "[email protected]",
            "to": "[email protected]",
            "subject": "sub",
            "body": "hi",
            "html": "this field may not be present",
            "date": 1652814863785
            "from": "someotheremail@address",
            "to": "[email protected]",
            "subject": "subject",
            "body": "hello",
            "html": "<b>hello</b>",
            "date": 1652814873785

Note: once you get the emails, they are permanently deleted from our servers.

If there are no emails, the following response will be returned:

    "email": null

And finally, if your token is invalid, the following response will be returned:

    "email": null,
    "token": "invalid"


Let me know what you end up creating! I can be reached via email at [email protected]

You can also join the Discord server below by clicking the “connect” button:

Scams – Fake Hacker and Account Recovery Scams

Scammers try to fake being hackers to get money from victims looking to get their accounts back. Learn about signs of these scammers and how to avoid them.

Scams are everywhere, especially on social media platforms. Bots go around looking for Tweets containing phrases such as “I got locked out of my account” or “My account was suspended”, and claim you should message a ‘hacker’ to get it back. As we will see in this article, all of these hackers are fake, and they will just take your money and run.


If you do have a locked account, do not approach these ‘hackers’, they will ask for money to ‘recover’ your account. In reality, these hackers do not exist, it is a scammer who only wants to take your money.

If you did have one of your accounts locked and a scammer approached you about it, ignore them. The only way to recover your account on any platform is to contact the company you registered the account under. It sucks, but it’s the only way to do it.

Quick overview

In this scam, the scammer will attempt to:

  • Have you initiate a conversation
  • Ask you what accounts you want ‘recovered’
  • Ask for money, then run away with it

The scam

This type of scam happens on social media platforms such as Instagram or Twitter. Though companies such as Twitter have anti-bot measures in place, and they work somewhat well from what I have seen.

The scam starts with one of two things. The first is if you post something such as “I got my account suspended” on Twitter, you will get around 5-10 replies instantly from supposed ‘hackers’ or people recommending these fake hackers.

For privacy reasons, I have to remove the names of the bot accounts. While they might have been created for the sole purpose of replying to people’s tweets, they could be hijacked accounts that once belonged to real people. Ironic, isn’t it?

Sometimes people will write things such as “I got my account locked, can you help me?” replying to one of Discord’s tweets. These scammers have bots which will look for replies to this tweet and attempt to attach themselves to the thread.

While these scammers did raise several red flags, I will not be pointing out the mistakes they made for the sake of not making these scams better.


I contacted one of these fake hackers. Note: I am not liable for anything you do. If you are going to do this, do not use your real name. Make sure that any information on the account you use to contact cannot be traced back to you. While it is unlikely that one of these fake hackers will go after you personally, it is safer not to risk it.

The conversation I had with the first scammer on Twitter was long, so I will not be posting the entire conversation.

I will be blurring out details. The username I gave the scammer is fake, but I want to blur it just in case.

Note that any spelling mistakes were intentional on my end. If the image is too small, right click and open in new tab, or just drag the image to the new tab spot.

The scammer starts off asking for my username. In reality, he just sits there for a few minutes pretending to lookup my information.

After two minutes, the scammer got back to me, saying that my account, which does not exist, is recoverable. He then asks if I want to get the account recovered, which I would assume anyone would want, only to reveal that he needs me to pay $60 for “template software” to recover the account.

Of course, there is no such thing as software to recover accounts. In this instance, the scammer attempts to confuse the victim by throwing out words that sound important. Phrases such as “template software” are basically nonsense words.

I wanted to have a little fun, so I asked if $1 was enough, and he settled with $40 instead. Needless to say, I am a master negotiator now.

The conversation goes on for another twenty screenshots worth of pages. He states that I should refer my friends to him for a discount, trying to get even more money out of innocent people through referrals. I think once most people figure out the scam, they will not refer him to their friends.

Reeling in the victim

Of course, no good scam is complete without trying to get money from the victim. This is a lower stakes scam, unlike social security scammers, who try to tack on as many zeroes as they can.

I asked if I could pay with cash, but that was obviously out of the question. He would never do this of course, but I was hopeful. Instead, he suggests that I pay using Bitcoin. I decided to not go for this route, because depending on how he has it setup, there could be no ties to him whatsoever.

I chose to go with a different platform that I could report to the company. While this will not stop the scams, it does slow them down.

He asks if I can go on WhatsApp instead, which probably means that he is afraid his Twitter account will be suspended soon. Moving to a different platform means that even if his Twitter account is suspended, he will be able to continue with the scam.

After realizing that I do not have WhatsApp, he then asks for my phone number, which a scammer could use for many reasons. I wouldn’t put it past these scammers to use any means necessary to get money out of their victims, so I did not provide a phone number. Maybe in the future I will if I get a burner phone.

I asked him to reveal my own phone number. If he was the great hacker he says he is, it would be no problem; however, he said that for technical reasons, he is unable to get my phone number because of software problems. Sound like a fancy way of saying “I’m a fraud”.

He asked me to pay him through a different app, and to put the reason of the transfer as “gift”. This is likely to avoid triggering anti-scam detectors that have been put in place by these apps.

Unfortunately, I forgot to record my messages with the Instagram fake hacker, but it went more or less the same way. From what I can tell, these companies are taking action on these bot accounts, when I checked back this morning, they were suspended.


While scams cannot be stopped, it is important to know about them. Send this article to your family and friends so they know how to avoid scams.

Bookmark our blog, we have more articles exposing scams coming out soon! If you want, you can also join our Discord Server.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected]

NFT Scams – Signs and How to Avoid Them

Scams are everywhere. In this article, we’ll be focusing on NFT scams floating around on social media platforms.

Scams are everywhere, and social media platforms are a prime target for them. As part of the scam articles, we will be focusing on online scams, signs of them, and how to avoid them.

Quick overview

In this scam, the scammer will attempt to:

  • Try to get your interest as a ‘financial expert’
  • Attempt to get you interested in buying cryptocurrency or NFTs
  • Ask you to send money to them, then runaway with the money once paid, or ask for more money

The Scam

This particular scammer was inexperienced, he was quick to send me his details to try to scam me out of money, and made several mistakes about what he was trying to scam me out of. For the purposes of not making these scams better, I will not be pointing out these mistakes.

The scam starts with a user friending you on a platform such as Discord; though, this is just where it happened to me, it is possible for this to happen on any popular social media platform.


The scammer starts by adding you as a friend, usually from a mutual server (if you are in public Discord servers). Since my username starts with an “a”, I am high up on the list of members. Afterwards, they usually do not initiate a conversation, they wait for you to start it.

Here is the beginning of the conversation I had with the scammer (note that my first message “yes” was due to his friend request). It is highly likely that the scammer’s name is faked; however, I cannot take such a risk.

Image transcription:
Me: yes?
Scammer: How are you doing, nice to meet you .
Me: good, what’s up?
Scammer: I’m Harrison and I’m from Texas United State, I deal on NFT and Crypto have you had of any before?
Me: i’ve heard of it but haven’t gotten into it
Scammer: Have you heard of NFT craft investment where You can purchase NFT craft from us today at the sum of $7,000 and sell it in one week time with the sum of $60,500.
Me: sounds sketchy
Me: sorry for my late responses, i’m away from my house right now
Scammer: NFTs are only profitable because they are one of a kind, if I were to show you, you could screen shot than be rich

Needless to say, this sounds sketchy from the get-go. I have never been one to invest in NFTs, so even NFTs through legitimate channels seem sketchy to me.

The scammer hopes to get your attention by throwing out big numbers, and promising that if you pay, you will get large rewards in return; however, as we will get into later, the scammer will up and run with your money, and you won’t be left with the JPEG you were promised.

Reeling in the victim

After getting a conversation going with the victim, the scammer will attempt to get the victim to send money to them. They will start with a price around $10,000, expecting the victim to back out, only to ‘concede’ to a lower price. You can see the same tactic used sometimes by salespeople, though legitimate salespeople and scammers are very different people.

In my case, the scammer asks how much I want to invest, basically saying that I have control over the entire transaction. The scammer will do this to attempt to gain trust with the potential victim.

Image transcription:
Scammer: NFTs are only profitable because they are one of a kind, if I were to show you, you could screen shot than be rich
Scammer: And I can’t let that happen unless we have a fare trade
Me: i don’t get it
Scammer: It is very easy to make money., and all you have to do is send as much and reliable way too money of your choice and you will get a custom NFT that you could wait 5-10 days to sell And you could make millions after the investment (shrugging arms emoji)
Me: do i give you the money? sounds kind of strange
Scammer: Are you interested, let me tell you the correct NFT that is in sell at the moment?
Me: sure! sounds interesting
Scammer: Currently on sales now a Gorilla that could go for about $98,683 after about 1 week
Scammer: That would be for $11,081 right now, But I can sell it for you in the sum of $9,500, Can you afford this?
Me: i mean i can but that sounds like way too much
Scammer: Alright how much would you like to start up with ?
Scammer: You say
Me: maybe $500?

The scammer intentionally goes overboard with the price, then lowers it to make it seem more of a deal, even though no matter how much you pay you’ll be scammed out of your money, whether it is $500, $9,500, or $11,081.

Collecting from the victim

After I said that I would pay $500 (which I would never do), the scammer’s eyes lit up like dollar signs in a cartoon, and he eagerly sent me options to pay. Etherium and Bitcoin would be hard to trace, especially if he was using a separate address per victim, so I decided to go with PayPal since I could report it to get his account shut down.

I claimed that I did not own cryptocurrency (it’s the truth!) so I could get his PayPal details, and he copy/pasted a response right to me, asking me to send $500 to that address.

Needless to say, I’m going to blur out the scammers details, even though it is likely a temporary email and a prepaid phone number (by the way, we run a temporary email service! Check it out here). The scammer also states that I must put the reason of payment as “gift”, this is likely to avoid any kind of anti-scam measures PayPal has put in place.

Image transcription:
Scammer: Alright
Scammer: How do you want to make your payment? Bitcoin wallet PayPal ETH…
Me: paypal would probably be the easiest
Me: i do not own cryptocurrency
Scammer: [redacted paypal information]
Me: [trollface emote]
Me: caught in 4k man
Me: hook line and sinker
Scammer: Once you made the payment please take a screenshot and sent it to me immediately
Scammer: Alright

Granted, I could have trolled him a bit more by saying things such as “PayPal blocked my payment” or “How do I know you are who you say you are?”, I decided it was time to end the scam.

Though it was immature of me to send a trollface emote and my other two comments after that, I wanted the scammer to feel like his time was wasted interacting with me, and maybe make him think about making an honest living in society, rather than trying to scam innocent people out of their hard earned money.

Bonus: after looking up the phone number, I discovered that it belongs to an actual carrier in the United States, and not a VoIP service as I initially thought. I will edit this page if I discover more on this.

Edit: after looking some more, the area code listed is in Texas, which leads me to believe this phone could be hijacked with malaware in order to receive verification codes.


Want to stop scams like this? Send this article to your friends and family to warn them about scammers, and what kinds of tactics they use to bring in victims.

If you want, join our Discord Server, and bookmark our blog so you can stay up to date with the kinds of scams flooding the Internet these days.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected].

Stay safe out there!