Yes. Disposable addresses isolate your real inbox from spam, phishing, and data breaches. Because Defunct Mail stores no personal data, IP logs, or cookies, there is nothing to leak even if our server were compromised.
No. We do not log IP addresses, set cookies, or store any personal data. Your generated addresses are managed in your browser session only.
Some websites maintain blocklists of known disposable email domains and may reject sign-ups. Defunct Mail uses its own domain (defunct.space), which is less likely to appear on these lists than larger disposable services.
An email alias — like Gmail's plus-addressing (you+tag@gmail.com) — still forwards to your real inbox and can often be reverse-engineered to reveal your actual address. A disposable email is a completely separate mailbox with no connection to your identity.
Most temp-mail services share a handful of heavily-blocklisted domains, show ads, and offer no inbox protection. Defunct Mail runs on its own domain, has no ads, and optionally lets you lock your inbox with a TOTP authenticator so only you can read it.
Yes — that is one of its primary use cases. Create an address, use it to sign up, open the inbox to retrieve the verification link or code, and you're done.
No. Defunct Mail is receive-only by design. This keeps the service simple and prevents abuse.
Standard inboxes auto-delete after 36 hours. Inboxes locked with a TOTP authenticator app retain messages for 20 days.
Locking adds a 6-digit authenticator code requirement before the inbox can be viewed. It also extends email retention from 36 hours to 20 days. The secret key stays on your phone — we store only the server-side half, which is useless without your device.
The inbox becomes permanently inaccessible. We cannot recover TOTP-locked inboxes. The address and its messages will be automatically cleaned up after 20 days.