Upcoming Updates for TempMail

See some of the upcoming features for TempMail in this article!

1,200,000 emails and 500 hourly inboxes are incredible numbers! With the growth of the website, I would like to make some additions to further help people with their privacy in using TempMail.

These features will be added during November of this year through February of next year. They will not be added in any particular order, though.

Desktop App

While navigating to the website is easy, a desktop app can save a few clicks. The desktop app will be available to download on Windows, Mac, and Linux-based systems in the upcoming month.

POP3/IMAP Support

This has been planned for a while. Our customized protocol is not compatible with others; however, we plan to add support for POP3/IMAP soon as well. The intended design will allow users to sign in with the temporary email with the token as the password, instead of using HTTPS with our own protocol.

More Language Support

English is one of the most common languages; however, a great deal of our traffic comes from outside English-speaking countries. We will add multiple language support for the website. Our app, AnonyMail, already supports a few languages!

More (Programming) Language Support

We plan to create more libraries for more programming languages. As of now, we have one for JavaScript, Java, and Python, which are the most commonly used languages for scripting. Our next target languages include Rust, C, and Go.


Thank you to everyone who has used the website so far, and to those who will use it in the future! If you have any questions, feel free to write a comment below.

Major Updates for TempMail

We’ve released one of our biggest updates yet. This update includes custom domains, public domains, and more!

TempMail.lol has been running for almost a year since it started as Exploding Email. In that time, we’ve made a lot of changes to the website. In this article, we’ll go over some of the major changes that have been made recently.

Custom Domains

While this used to be a feature of Exploding Email, it has been added back into TempMail with a great implementation. You can now choose if you want your custom domain to be private (that is, only you can access it), or public (anyone can make Alternative Emails through your domain).

Private Domains

With private domains, you are given a token to “login” to the domain to retrieve emails. This prevents random people from reading the emails on your domain. Note that private domains can only store up to five emails across the entire domain before needing to be emptied by getting the emails (earliest emails are stored).

Public Domains

Public domains are a bit different: they are put into the pool of Alternative Domains, so people can generate emails with your domain, helping to avoid TempMail detection. If you have a spare domain you are not using, consider adding it!

Overview of Custom Domains

Overall, custom domains will help everyone. Private custom domains are currently in beta and are free during this period, they may be behind a subscription-based service in the future. Adding public pool domains will always be free.

Custom domains have also been added to the API. Support for custom domains will be added to libraries within the upcoming weeks.

API Changes

You can now choose a domain you want to generate! This allows you to choose from any existing default/alternative domains. Here’s an example:

curl https://api.tempmail.lol/generate/example.com

This will generate an email at the domain you specify (in this case, example.com).


As September starts, we have added more features to the website while keeping the core principle of the website the same, a temporary email generator. If you just use the normal website with its .com domains, nothing will change. Alternative emails will be getting a larger pool of domains to pick from, which will help avoid detection.

Looking ahead, we plan to add even more features, such as support for the POP3 protocol, bigger storage for private domains, and more!

Lastly, we’ve processed 520,000 emails! This number is insane, and we hope it will continue to grow as more people use our service. Spread the word, and bookmark our site! If you have any questions, suggestions, or just want to talk, join the Discord server below!

Introducing Alternative Domains for TempMail

Introducing our new feature: alternative domains! Alternative domains allow you to generate emails that bypass certain website restrictions.

Ever tried to signup for a website using one of our domains but have had it fail? Thankfully, we are introducing something new: alternative domains.

Alternative domains allows you to use less common website endings (such as .cfd, .lol, and .shop). These endings are much cheaper than common endings (such as .com, .net, or .org), but may not work as reliably as common endings.

What does this mean for me?

If you use the regular domains, nothing will change. The website will still function the same way it has.

How do I use it?

Simply toggle the switch on the homepage under the Copy and Regenerate buttons.

If you do not see the switch, hold Control and click F5 on your keyboard to reload the page.

Developers: does this break the API?

No. For the TempMail.lol API, the /generate endpoint will still work. If you wish to generate alternative emails, please use the /generate/rush endpoint instead. This will be added to TempMail APIs in the following weeks. Alternative domains are on the same rate-limit as normal domains (30/minute).


Thank you to everyone who has used the website so far! We are approaching 300,000 emails received and have around 200 hourly active users. We hope this addition to the website will help people get around websites censoring our email addresses.

My Take on GitHub Copilot

GitHub Copilot is one of the most practical uses of AI; however, it has some key disadvantages.

GitHub Copilot is one of the most advanced and practical uses of artificial intelligence that I have seen. I started using it around the middle of 2021 and have been ever since; however, I have noticed that it has changed throughout this time, and for the better, too.

What is Copilot?

Copilot is an Artificial Intelligence trained on public code using the OpenAI Codex engine. It is able to complete code you write, turn comments into code, and even write code based on the name of a method.

Is Copilot free?

During the technical preview of Copilot, it is free to use once you have been accepted. You can signup for the waitlist here, it took around one week for me to get in.

After the technical preview, GitHub Copilot will be free for students and verified open-source projects, while requiring a subscription for other users. According to their plugin page:

Once GitHub Copilot is generally available, it will require a subscription. It will be free for verified students and maintainers of popular open source projects on GitHub.


There is no posted cost for the subscription as of now.

As of July 2nd, the cost for a subscription is $10/month, and if you pre-pay for a full year, it is $100

My thoughts on Copilot

I think it is amazing to see practical uses of Artificial Intelligence. Having AI write code is going to help write even better AI in the future, and with the GPT-4 engine coming out in the near future, it will soon be able to write code on-par with any person.

This comes at a cost though. Depending on the cost of a Copilot license, companies can hire less experienced developers and give them Copilot to write their code. People have been saying this for a while now, but I think that companies may be skeptical to adopt this new technology.

According to their FAQ, GitHub states that 0.1% of the suggestions will be directly from training:

We found that about 0.1% of the time, the suggestion may contain some snippets that are verbatim from the training set.


This could create problems with code under attribution-based licenses, or worse, proprietary licenses that do not allow you to redistribute the code. It is unlikely that Copilot would take the blame for any copyright infringement.

There is a video on YouTube by Engineer Man that covers some of these points in detail, it is well worth the watch:

Of course, using Copilot is going to help save you time, and if you are an experienced developer, it will not be as big of a crutch. The problem comes when people who are new to coding use it; for example, students who are just learning to code may use it without actually understand what the code that Copilot wrote is actually doing.

Writing your own code, making mistakes, and improving from those mistakes is the way I—and many others—learned to code. My concern is that this can be used for cheating in assignments, and when it comes to actually writing code for a test where students do not have access to Copilot, they likely will not be able to do so.

Does this mean you should not use Copilot?

Depends. If you are an experienced developer, I would say that it is fine, as long as you actually understand what Copilot is writing and can write it yourself without Copilot. If you are new to programming or somewhat proficient, I would suggest not using it, as you will become dependent on it.

My experience with Copilot

I’ve used Copilot for a while, and for new projects that I start on, Copilot can be a distraction. Granted, my IDE has a keyboard shortcut to disable/enable Copilot, it can be distracting when you’re thinking about how to write something and a block of code appears before you. Your attention is diverted to the code Copilot wrote, and if it is not what you want, it wastes time.

In this example, I wanted to make it so that four specific items were removed from local storage. Since Copilot does not seem to notice the code below where the completion suggestion is, it does not know the fields I want to remove.

Code in cyan is Copilot

For this, clearing all of local storage would be bad, as there are other things that need to be stored besides those four variables.

Copilot has been useful in other ways though. For this website, https://tempmail.lol, I used Copilot to help write some of its code. In particular, getting certain Unicode characters in HTML form can take time, whereas Copilot can do that in just a few seconds.

Code in cyan is Copilot


Even the name of the service, “GitHub Copilot”, is enough to say that it is not something to write code for you, but rather to assist you in writing code, or to be your… copilot… get it?

While I will use it occasionally to help with writing tedious code, it does not mean you should as well. Look at the code Copilot produces, could you have written that code yourself without looking it up online? If not, maybe you should wait to use Copilot.

If you have any questions, feel free to email me: [email protected] (public key here). I am also on Session if you want to talk directly.

See if your Email Client is Leaking your IP Address

Email is used every day, but did you know your email client may be leaking your IP address? Here, you can tell if your email client is leaking your personal IP address.

Email is used every day, but did you know your email client may be leaking your IP address? Here, you can tell if your email client is leaking your personal IP address.

First, thanks to macvk for making this test open-source. You can click the button below to generate an email, then email it to determine if your email client is leaking.

Your IP address:
Start Test

What if my client is leaking?

Update your existing mail client. If no update is available, download a new one. For Windows and MacOS users, the default mail app works well.

If you use an online Email provider, such as Gmail, you do not need to worry about your IP leaking, as long as you use the official Gmail website.

I tested several email clients that allow you to connect a Gmail account, and some leaked. If you want to ensure no-one gets your IP address, use the official Gmail client.


Stay safe! If someone does get your IP address, it isn’t the end of the world. There’s… not much they can do with it, besides get your internet provider and the city you live in.
Simply, you can unplug your router, wait 30 seconds, and plug it back in. Chances are that your ISP will have assigned your router a new IP address since it disconnected.

If your ISP assigns static IP addresses, contact them on how to change it, make sure to note your IP address before and after you unplug, as certain areas will only have IP addresses that are off by one or two digits.

This test made available from vpn-leaks-test by macvk, licensed under the GPLv3 License.

Security – Your VPN Does Not Keep you Secure

VPNs can be misleading, learn exactly what a VPN does and doesn’t do to protect your online security.

VPNs, something we have all seen online, and recently they have made their way into TV commercials, promoting their “one-click security” software; however, this could not be further from the truth.

The basic goal of a VPN is to change your IP address; though, this is easy to detect. If you use an online account, you will still be tracked online, as that account may have your real name, email address, or even more information attached to it.

I’ll go over the main points of what a good VPN does and does not do:
A good VPN will:

  1. Hide which websites you visit
  2. Hide your actual IP address from the website
  3. Change your “location” to make it seem as if you are in a different city, state, or even country.

For this website, TempMail.lol, you are connected securely. Your ISP (Internet Service Provider) can see you are connected to https://tempmail.lol/, but cannot see anything after the slash; all of that information is encrypted before being sent to our servers. You can distinguish encrypted websites from non-encrypted websites by seeing if they start with HTTP (Hyper Text Transfer Protocol) or HTTPS (Hyper Text Transfer Protocol Secure). Note: just because a website has HTTPS, it does not mean that the website is trustworthy. Anyone can get a certificate to encrypt their connection for free. For more information, see the following post: HTTPS – Secure Websites are not Always Trustworthy.

Now, a good VPN WILL NOT do any of the following:

  1. Make you completely anonymous
  2. Hide all of your Internet activity
  3. Make your Internet or computer more secure
  4. Completely protect you from viruses

Additionally, the government of the VPN company may issue a gag order, telling them to start logging information, such as websites users visit, their original IP address, and even website data for unencrypted connections.

How do I have Better Online Security?

There are basic tips to staying secure online, here is a list of some of those.

  1. Do not give out your email address to random websites.
  2. Watch out for websites that may ask you to install extensions. Websites will not require you to enable notifications to use the site; only enable notifications for websites you trust.
  3. If you are signing up for a website which you are not going to use in the future, try using a temporary email provider, such as TempMail.lol, which will generate a temporary email address with no ties to you.

Of course, the most important rule is to make sure that you, the person reading this text, do not interact with things that seem sketchy, or at the very least, be more skeptical of what you download online. As part of our blog, we have articles about scams in the Scam category on different types of scams and how you can avoid them.

HTTPS – Secure Websites are not Always Trustworthy

HTTPS, while secure, does not mean a website is legitimate. See how scammers obtain secure websites to trick potential victims.

We’ve been taught that secure websites (those that start with https rather than http) are more trustworthy than those that do not. While this has some validity to it, this is not always the case.


HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer Protocol Secure) define how websites are transferred from the server to you, the client. HTTP sends data unencrypted, anyone who has an antenna at the right frequency, a line listening in between the router and the Internet provider, or any of the other steps along the way, can see exactly what you request, and what the website returns to you (this can include personal information), which is why HTTPS is used now.

HTTPS encrypts your data, so information you send to the website (such as your name, credit card details, etc.) cannot be intercepted by hackers listening in on the conversation; however, this does not make the site trustworthy.

For a site to use HTTPS, they must first acquire a certificate from a provider. There are some providers (such as Cloudflare) that are free, which can allow scammers to host a (now secure) phishing website. While services such as Cloudflare do take down phishing scams, often they have already moved on to another scam, making them difficult to stop.

What does this mean for me?

While it encrypts your Internet activity from you to the website, HTTPS does not mean that a website is secure. Scams are everywhere, and scammers are easily able to obtain certificates to secure their website, making it look legitimate to potential victims of the scam.

Online scams usually have several red flags. If you see some of these red flags, you should leave the site instantly. As part of the TempMail.lol blog, we will be releasing several articles on scams on the Scams category with information on how the scam works, signs of the scam, and how to avoid them. Stay tuned!

You’re Probably in a Data Breach – Here’s How you Check

Data breaches can be scary, learn how to find out if you’re in one and how to recover from one if you are.

Did you know that a lot of people are in a data breaches who don’t even realize it? Fortunately, there are websites that exist that allow you to check if you are part of a data breach.

HaveIBeenPwned is a website that allows you to enter an email address/phone number/password (we’ll get to how they check passwords securely later).

Checking email addresses

You can enter your email address to check if you are part of a data breach.

For this instance, I’ll be checking [email protected], and at the time of writing, this email has been part of 79 data breaches, ouch!

Too bad for this dummy email, it will be getting a lot of spam in the future!

What if I’m part of a breach?

Chances are, one of your email addresses were part of a data breach. There is no undoing this, but there are things you can do going forward.

  1. If you are signing up for websites you will not use in the future, use a temporary email provider, such as TempMail.lol, which is actually much safer than using an email dedicated for dubious websites. This will also prevent same email-based tracking.
  2. Change the password you used on the pwned websites, then, if you used that password on any other website, change the passwords for those websites. It can get very tedious, but well worth having the peace of mind!
  3. Use a password manager. Firefox and Google Chrome have built-in password managers, and even have options for allowing users to sync their passwords to mobile devices!

Checking passwords

Putting your passwords into a data breach checker can seem very sketchy, and I was off-put at first until I learned how it worked. You send a portion of your hashed password (which you can obtain by using this website using the sha-1 algorithm), then they return a list of possible passwords, which your browser checks. Your password is not revealed to anyone during the process.


Use a password manager. Google Chrome and Firefox have built-in password managers that sync with devices, and Apple users can use iCloud Keychain to securely sync long passwords between devices. Stay safe!

How to get a Temporary Email Address

Ever wondered how to get a temporary email address? Check out TempMail.lol and generate one for free!

Temporary email address generators are one of the more useful tools you can find on the internet, but not a lot of people know about them. Thankfully, there are tools, such as TempMail.lol, that will allow you to generate a random, secure, and temporary email address that you can use to signup for websites.

How does it work?

TempMail.lol generates a temporary email address, and you can use it to register for accounts online. When we receive the email on our servers and sent to you, it is deleted from our end, so we never know who uses our services.

What can I use it for?

Anything! Well, almost anything! The intent of TempMail.lol is to allow users to sign up for websites they will not use in the future or to test their email to make sure that emails they send are going through correctly.

It is NOT a replacement for your everyday email. As per the name, the emails are temporary. After one hour in time, your email will be erased, and no one else will be able to access it after that time.

How does this help me?

Spam is everywhere! Let’s say you signup for a website that, to view the price for a car, you are required to give your email address. Several days after signup, they may sell your email address to advertisers, flooding your inbox with spam! If a TempMail.lol email is sold, it’ll go to an inbox which will not exist once the spam is received.

This is especially relevant for websites which require you to not only enter an email, but confirm it as well. You can confirm email addresses received to TempMail.lol emails.

Best news of all, the site’s colors are easy on the eyes!