TempMail Is Now Using Bun!

We switched to Bun, and the results are outstanding

It’s been a while since we’ve posted last! In the background, the TempMail server is now faster than ever before, thanks to Bun.sh, a JavaScript runtime which has proven to be faster than the default Node runtime in our cases.

First Things First

Thank you to Ashton Memer for converting the server to Bun!


Since switching to Bun, we have seen the startup time for our server decrease from 15+ seconds to less than one second! Users were getting 500-level error codes because the default Node runtime could not keep up with the amount of request per second our server is getting. Since switching to bun, the average API request time went from 100 ms average to 20 milliseconds!

At peak, our service has had more than 200,000 inboxes active at any given time! A feat that would’ve resulted in many 500-level errors given the standard Node runtime.

In terms of memory, we’ve found that Bun, on average, uses 1.5 times more memory than the Node runtime. We believe that this is a fair tradeoff between performance and resources.

Next for TempMail and BananaCrumbs

We’re also excited to announce a new account system for BananaCrumbs, one where you can use your Email to register and create API keys! We will be releasing a post about this in the future.

Using the TempMail Plus API

TempMail Plus was designed to be backwards-compatible with the existing API. Learn how to use it here!

The TempMail Plus features are designed to be backwards compatible with the existing API; that is, you should not have to change any code to get your setup working.

Generating Emails

First, support for our libraries will come in future updates. To generate an address using your TempMail Plus account for higher rate-limits, include the following headers:

  • X-BananaCrumbs-ID this will include your 24-number BananaCrumbs ID.
  • X-BananaCrumbs-MFA this is your (about) 36 character MFA token that was included with your BananaCrumbs ID.

Once these headers are sent inside the request, you should receive a normal email and token! Note that while TempMail Plus inboxes do last for up to ten hours, you will have to check it every ten minutes to ensure it does not get erased early.

There are some common errors that may occur if you enter the wrong information. The error is displayed inside the JSON information when the API returns data.

Custom Inboxes

Custom inboxes are not tied to your BananaCrumbs ID. Simply having an ID is enough to use custom domains. They still use the same system that has been in place before, but requires the two HTTP headers as mentioned in the Generating Emails section of this article.


When it comes to setting up your program using our API, we can help through our Discord Server. For questions regarding billing, purchases, etc., please find our email on our contact page.


Thank you for reading! You can check out TempMail Plus at the following link: https://tempmail.lol/pricing.html

Upcoming Updates for TempMail

See some of the upcoming features for TempMail in this article!

1,200,000 emails and 500 hourly inboxes are incredible numbers! With the growth of the website, I would like to make some additions to further help people with their privacy in using TempMail.

These features will be added during November of this year through February of next year. They will not be added in any particular order, though.

Desktop App

While navigating to the website is easy, a desktop app can save a few clicks. The desktop app will be available to download on Windows, Mac, and Linux-based systems in the upcoming month.

POP3/IMAP Support

This has been planned for a while. Our customized protocol is not compatible with others; however, we plan to add support for POP3/IMAP soon as well. The intended design will allow users to sign in with the temporary email with the token as the password, instead of using HTTPS with our own protocol.

More Language Support

English is one of the most common languages; however, a great deal of our traffic comes from outside English-speaking countries. We will add multiple language support for the website. Our app, AnonyMail, already supports a few languages!

More (Programming) Language Support

We plan to create more libraries for more programming languages. As of now, we have one for JavaScript, Java, and Python, which are the most commonly used languages for scripting. Our next target languages include Rust, C, and Go.


Thank you to everyone who has used the website so far, and to those who will use it in the future! If you have any questions, feel free to write a comment below.

Major Updates for TempMail

We’ve released one of our biggest updates yet. This update includes custom domains, public domains, and more!

TempMail.lol has been running for almost a year since it started as Exploding Email. In that time, we’ve made a lot of changes to the website. In this article, we’ll go over some of the major changes that have been made recently.

Custom Domains

While this used to be a feature of Exploding Email, it has been added back into TempMail with a great implementation. You can now choose if you want your custom domain to be private (that is, only you can access it), or public (anyone can make Alternative Emails through your domain).

Private Domains

With private domains, you are given a token to “login” to the domain to retrieve emails. This prevents random people from reading the emails on your domain. Note that private domains can only store up to five emails across the entire domain before needing to be emptied by getting the emails (earliest emails are stored).

Public Domains

Public domains are a bit different: they are put into the pool of Alternative Domains, so people can generate emails with your domain, helping to avoid TempMail detection. If you have a spare domain you are not using, consider adding it!

Overview of Custom Domains

Overall, custom domains will help everyone. Private custom domains are currently in beta and are free during this period, they may be behind a subscription-based service in the future. Adding public pool domains will always be free.

Custom domains have also been added to the API. Support for custom domains will be added to libraries within the upcoming weeks.

API Changes

You can now choose a domain you want to generate! This allows you to choose from any existing default/alternative domains. Here’s an example:

curl https://api.tempmail.lol/generate/example.com

This will generate an email at the domain you specify (in this case, example.com).


As September starts, we have added more features to the website while keeping the core principle of the website the same, a temporary email generator. If you just use the normal website with its .com domains, nothing will change. Alternative emails will be getting a larger pool of domains to pick from, which will help avoid detection.

Looking ahead, we plan to add even more features, such as support for the POP3 protocol, bigger storage for private domains, and more!

Lastly, we’ve processed 520,000 emails! This number is insane, and we hope it will continue to grow as more people use our service. Spread the word, and bookmark our site! If you have any questions, suggestions, or just want to talk, join the Discord server below!

Introducing Alternative Domains for TempMail

Introducing our new feature: alternative domains! Alternative domains allow you to generate emails that bypass certain website restrictions.

Ever tried to signup for a website using one of our domains but have had it fail? Thankfully, we are introducing something new: alternative domains.

Alternative domains allows you to use less common website endings (such as .cfd, .lol, and .shop). These endings are much cheaper than common endings (such as .com, .net, or .org), but may not work as reliably as common endings.

What does this mean for me?

If you use the regular domains, nothing will change. The website will still function the same way it has.

How do I use it?

Simply toggle the switch on the homepage under the Copy and Regenerate buttons.

If you do not see the switch, hold Control and click F5 on your keyboard to reload the page.

Developers: does this break the API?

No. For the TempMail.lol API, the /generate endpoint will still work. If you wish to generate alternative emails, please use the /generate/rush endpoint instead. This will be added to TempMail APIs in the following weeks. Alternative domains are on the same rate-limit as normal domains (30/minute).


Thank you to everyone who has used the website so far! We are approaching 300,000 emails received and have around 200 hourly active users. We hope this addition to the website will help people get around websites censoring our email addresses.

My Take on GitHub Copilot

GitHub Copilot is one of the most practical uses of AI; however, it has some key disadvantages.

GitHub Copilot is one of the most advanced and practical uses of artificial intelligence that I have seen. I started using it around the middle of 2021 and have been ever since; however, I have noticed that it has changed throughout this time, and for the better, too.

What is Copilot?

Copilot is an Artificial Intelligence trained on public code using the OpenAI Codex engine. It is able to complete code you write, turn comments into code, and even write code based on the name of a method.

Is Copilot free?

During the technical preview of Copilot, it is free to use once you have been accepted. You can signup for the waitlist here, it took around one week for me to get in.

After the technical preview, GitHub Copilot will be free for students and verified open-source projects, while requiring a subscription for other users. According to their plugin page:

Once GitHub Copilot is generally available, it will require a subscription. It will be free for verified students and maintainers of popular open source projects on GitHub.


There is no posted cost for the subscription as of now.

As of July 2nd, the cost for a subscription is $10/month, and if you pre-pay for a full year, it is $100

My thoughts on Copilot

I think it is amazing to see practical uses of Artificial Intelligence. Having AI write code is going to help write even better AI in the future, and with the GPT-4 engine coming out in the near future, it will soon be able to write code on-par with any person.

This comes at a cost though. Depending on the cost of a Copilot license, companies can hire less experienced developers and give them Copilot to write their code. People have been saying this for a while now, but I think that companies may be skeptical to adopt this new technology.

According to their FAQ, GitHub states that 0.1% of the suggestions will be directly from training:

We found that about 0.1% of the time, the suggestion may contain some snippets that are verbatim from the training set.


This could create problems with code under attribution-based licenses, or worse, proprietary licenses that do not allow you to redistribute the code. It is unlikely that Copilot would take the blame for any copyright infringement.

There is a video on YouTube by Engineer Man that covers some of these points in detail, it is well worth the watch:

Of course, using Copilot is going to help save you time, and if you are an experienced developer, it will not be as big of a crutch. The problem comes when people who are new to coding use it; for example, students who are just learning to code may use it without actually understand what the code that Copilot wrote is actually doing.

Writing your own code, making mistakes, and improving from those mistakes is the way I—and many others—learned to code. My concern is that this can be used for cheating in assignments, and when it comes to actually writing code for a test where students do not have access to Copilot, they likely will not be able to do so.

Does this mean you should not use Copilot?

Depends. If you are an experienced developer, I would say that it is fine, as long as you actually understand what Copilot is writing and can write it yourself without Copilot. If you are new to programming or somewhat proficient, I would suggest not using it, as you will become dependent on it.

My experience with Copilot

I’ve used Copilot for a while, and for new projects that I start on, Copilot can be a distraction. Granted, my IDE has a keyboard shortcut to disable/enable Copilot, it can be distracting when you’re thinking about how to write something and a block of code appears before you. Your attention is diverted to the code Copilot wrote, and if it is not what you want, it wastes time.

In this example, I wanted to make it so that four specific items were removed from local storage. Since Copilot does not seem to notice the code below where the completion suggestion is, it does not know the fields I want to remove.

Code in cyan is Copilot

For this, clearing all of local storage would be bad, as there are other things that need to be stored besides those four variables.

Copilot has been useful in other ways though. For this website, https://tempmail.lol, I used Copilot to help write some of its code. In particular, getting certain Unicode characters in HTML form can take time, whereas Copilot can do that in just a few seconds.

Code in cyan is Copilot


Even the name of the service, “GitHub Copilot”, is enough to say that it is not something to write code for you, but rather to assist you in writing code, or to be your… copilot… get it?

While I will use it occasionally to help with writing tedious code, it does not mean you should as well. Look at the code Copilot produces, could you have written that code yourself without looking it up online? If not, maybe you should wait to use Copilot.

If you have any questions, feel free to email me: [email protected] (public key here). I am also on Session if you want to talk directly.

See if your Email Client is Leaking your IP Address

Email is used every day, but did you know your email client may be leaking your IP address? Here, you can tell if your email client is leaking your personal IP address.

Email is used every day, but did you know your email client may be leaking your IP address? Here, you can tell if your email client is leaking your personal IP address.

First, thanks to macvk for making this test open-source. You can click the button below to generate an email, then email it to determine if your email client is leaking.

Your IP address:
Start Test

What if my client is leaking?

Update your existing mail client. If no update is available, download a new one. For Windows and MacOS users, the default mail app works well.

If you use an online Email provider, such as Gmail, you do not need to worry about your IP leaking, as long as you use the official Gmail website.

I tested several email clients that allow you to connect a Gmail account, and some leaked. If you want to ensure no-one gets your IP address, use the official Gmail client.


Stay safe! If someone does get your IP address, it isn’t the end of the world. There’s… not much they can do with it, besides get your internet provider and the city you live in.
Simply, you can unplug your router, wait 30 seconds, and plug it back in. Chances are that your ISP will have assigned your router a new IP address since it disconnected.

If your ISP assigns static IP addresses, contact them on how to change it, make sure to note your IP address before and after you unplug, as certain areas will only have IP addresses that are off by one or two digits.

This test made available from vpn-leaks-test by macvk, licensed under the GPLv3 License.

The TempMail Python API is out!

Want to use the TempMail API using Python? Try our easy-to-use library built for Python!

Ever wanted to interact with the TempMail.lol API using Python but didn’t want to use raw HTTP requests? Well now we got your back.

First off, I would like to say thank you to Alex Torres for making the Python library. You can view the code here, feel free to contribute!

Important – read before using

The TempMail.lol API has a few limitations:

  • You must use the token to check for emails within 10 minutes of the last check or the creation of the inbox, otherwise it is deleted.
  • Inboxes expire after 1 hour.


Use the pip command to install the library:

pip install tempmail-lol

Example Usage

from TempMail import TempMail #imports everything from TempMail library
import time #import time module

inbox = TempMail.generateInbox() #returns an Inbox object with Email and Token

print("Email Address: "+ inbox.address) #View output below
print("Authorization Token: "+ inbox.token)

    Email Address: [email protected]
    Authorization Token: RCfc1og1z1JzuN1mkXL2eFdAc_8uxSRAwcGhUoXuH26e7nnJMdVVtSxxasZLD9D2OHTKIjVEvLhK7S0K5QIanA

while(True): #Infinite Loop
    emails = TempMail.getEmails(inbox) #Returns list of Email objects
    print(emails) # View output below
    time.sleep(30) #wait 30 sec

    [Email ([email protected], [email protected], 
            subject=Subject line, body=Text Area, html=<div dir="ltr">Text Area</div>, 
            date=1652824961713 )]


Thanks again to Alex Torres for making the API. If you found it useful or have any suggestions, feel free to ask on GitHub. Let us know what you end up creating!

How to use the TempMail API

Want to use the TempMail.lol API? Now you can! Check out our pre-made libraries or use the raw API.

Thank you to everyone who is using the TempMail.lol website. If you are a developer, you can use our API on your own platforms (as long as it isn’t your own TempMail site)!

The API for TempMail.lol is under the GNU AGPLv3 License.


As of now, we have libraries for the following languages:


Do we not have a library for your language yet? Feel free to reach out to me via email: [email protected] if you want your library added. In the meantime, you can use the raw API via HTTP requests to access our services.

The base URL should be stored as a constant. It is https://api.tempmail.lol

There are two endpoints currently. First, to generate emails, the /generate endpoint. Upon successfully generating an email, the server will return the following data:

    "address": "[email protected]",
    "token": "token_to_check_for_emails"

Afterwards, use the token to check for new emails.


Inboxes expire after one hour, there is no avoiding this. If you do not check for new emails within 10 minutes of last check (or inbox creation) it will be deleted early.

To use the token to check for emails, GET the following endpoint: /auth/<token>

If you get an email (or multiple emails), you will be returned an array of email objects:

    "email": [
            "from": "[email protected]",
            "to": "[email protected]",
            "subject": "sub",
            "body": "hi",
            "html": "this field may not be present",
            "date": 1652814863785
            "from": "someotheremail@address",
            "to": "[email protected]",
            "subject": "subject",
            "body": "hello",
            "html": "<b>hello</b>",
            "date": 1652814873785

Note: once you get the emails, they are permanently deleted from our servers.

If there are no emails, the following response will be returned:

    "email": null

And finally, if your token is invalid, the following response will be returned:

    "email": null,
    "token": "invalid"


Let me know what you end up creating! I can be reached via email at [email protected]

You can also join the Discord server below by clicking the “connect” button:

Scams – Fake Hacker and Account Recovery Scams

Scammers try to fake being hackers to get money from victims looking to get their accounts back. Learn about signs of these scammers and how to avoid them.

Scams are everywhere, especially on social media platforms. Bots go around looking for Tweets containing phrases such as “I got locked out of my account” or “My account was suspended”, and claim you should message a ‘hacker’ to get it back. As we will see in this article, all of these hackers are fake, and they will just take your money and run.


If you do have a locked account, do not approach these ‘hackers’, they will ask for money to ‘recover’ your account. In reality, these hackers do not exist, it is a scammer who only wants to take your money.

If you did have one of your accounts locked and a scammer approached you about it, ignore them. The only way to recover your account on any platform is to contact the company you registered the account under. It sucks, but it’s the only way to do it.

Quick overview

In this scam, the scammer will attempt to:

  • Have you initiate a conversation
  • Ask you what accounts you want ‘recovered’
  • Ask for money, then run away with it

The scam

This type of scam happens on social media platforms such as Instagram or Twitter. Though companies such as Twitter have anti-bot measures in place, and they work somewhat well from what I have seen.

The scam starts with one of two things. The first is if you post something such as “I got my account suspended” on Twitter, you will get around 5-10 replies instantly from supposed ‘hackers’ or people recommending these fake hackers.

For privacy reasons, I have to remove the names of the bot accounts. While they might have been created for the sole purpose of replying to people’s tweets, they could be hijacked accounts that once belonged to real people. Ironic, isn’t it?

Sometimes people will write things such as “I got my account locked, can you help me?” replying to one of Discord’s tweets. These scammers have bots which will look for replies to this tweet and attempt to attach themselves to the thread.

While these scammers did raise several red flags, I will not be pointing out the mistakes they made for the sake of not making these scams better.


I contacted one of these fake hackers. Note: I am not liable for anything you do. If you are going to do this, do not use your real name. Make sure that any information on the account you use to contact cannot be traced back to you. While it is unlikely that one of these fake hackers will go after you personally, it is safer not to risk it.

The conversation I had with the first scammer on Twitter was long, so I will not be posting the entire conversation.

I will be blurring out details. The username I gave the scammer is fake, but I want to blur it just in case.

Note that any spelling mistakes were intentional on my end. If the image is too small, right click and open in new tab, or just drag the image to the new tab spot.

The scammer starts off asking for my username. In reality, he just sits there for a few minutes pretending to lookup my information.

After two minutes, the scammer got back to me, saying that my account, which does not exist, is recoverable. He then asks if I want to get the account recovered, which I would assume anyone would want, only to reveal that he needs me to pay $60 for “template software” to recover the account.

Of course, there is no such thing as software to recover accounts. In this instance, the scammer attempts to confuse the victim by throwing out words that sound important. Phrases such as “template software” are basically nonsense words.

I wanted to have a little fun, so I asked if $1 was enough, and he settled with $40 instead. Needless to say, I am a master negotiator now.

The conversation goes on for another twenty screenshots worth of pages. He states that I should refer my friends to him for a discount, trying to get even more money out of innocent people through referrals. I think once most people figure out the scam, they will not refer him to their friends.

Reeling in the victim

Of course, no good scam is complete without trying to get money from the victim. This is a lower stakes scam, unlike social security scammers, who try to tack on as many zeroes as they can.

I asked if I could pay with cash, but that was obviously out of the question. He would never do this of course, but I was hopeful. Instead, he suggests that I pay using Bitcoin. I decided to not go for this route, because depending on how he has it setup, there could be no ties to him whatsoever.

I chose to go with a different platform that I could report to the company. While this will not stop the scams, it does slow them down.

He asks if I can go on WhatsApp instead, which probably means that he is afraid his Twitter account will be suspended soon. Moving to a different platform means that even if his Twitter account is suspended, he will be able to continue with the scam.

After realizing that I do not have WhatsApp, he then asks for my phone number, which a scammer could use for many reasons. I wouldn’t put it past these scammers to use any means necessary to get money out of their victims, so I did not provide a phone number. Maybe in the future I will if I get a burner phone.

I asked him to reveal my own phone number. If he was the great hacker he says he is, it would be no problem; however, he said that for technical reasons, he is unable to get my phone number because of software problems. Sound like a fancy way of saying “I’m a fraud”.

He asked me to pay him through a different app, and to put the reason of the transfer as “gift”. This is likely to avoid triggering anti-scam detectors that have been put in place by these apps.

Unfortunately, I forgot to record my messages with the Instagram fake hacker, but it went more or less the same way. From what I can tell, these companies are taking action on these bot accounts, when I checked back this morning, they were suspended.


While scams cannot be stopped, it is important to know about them. Send this article to your family and friends so they know how to avoid scams.

Bookmark our blog, we have more articles exposing scams coming out soon! If you want, you can also join our Discord Server.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected]