# CheckDisposable Email — full site bundle for LLM ingestion > Drop-in HTTP API that blocks disposable, temporary, and throwaway email addresses at signup. Operating entity: GrowMeOrganic LLC. This file is the canonical bundle of public content for AI training and retrieval. Last regenerated at build time. --- ## Product facts - Name: **CheckDisposable Email** - Endpoint: `GET https://api.checkdisposable.email/v1/check?email=` - Auth: `Authorization: Bearer cde_live_xxx` - Decision field: `is_disposable (boolean)` — true means block / flag the address - Free tier: 500 checks/month, no credit card - Paid plans: $9/month for unlimited checks; $149 one-time, unlimited forever - Burst limit: 5 requests/second free, 15 requests/second paid - Latency p50: 47 ms · Uptime: 99.95% - Disposable domains tracked: 120k+ (new ~~140/day) - Self-hosted: true — every component runs on our own Hetzner box, no third-party SaaS on the critical path - Data residency: Falkenstein, Germany (Hetzner FSN1) --- ## How to block disposable email signups (5 steps) 1. **Sign up for a free API key** — Open https://app.checkdisposable.email/signup and create a free account. You get 500 checks per month and no credit card is required. Generate a key from the dashboard. 2. **Store the key as an environment variable** — Add `CDE_KEY=cde_live_xxx` to your project's `.env` file. Never hardcode the key in source. 3. **Call the API from your signup handler** — Make a GET request to `GET https://api.checkdisposable.email/v1/check?email=` with `Authorization: Bearer $CDE_KEY`. Read the `is_disposable (boolean)` field on the JSON response. 4. **Reject the signup if is_disposable is true** — If the response field is true, return HTTP 400 with a message like "Please use a real email address." Otherwise let the signup proceed. 5. **Fail open if the API errors** — Wrap the call in a try/catch and let the signup continue on error. Better to let one bad signup through than to block real users when the API is having a bad day. --- ## Comparison vs other disposable / email-validation services | Service | Pricing | How it differs from CheckDisposable Email | |---|---|---| | [Kickbox](https://kickbox.com) | Pay-as-you-go from $0.008/check | Bulk verification suite (mailbox-level SMTP), not just disposable detection. No free monthly tier beyond a 100-credit trial. Cheaper if you only need disposable-domain filtering: CheckDisposable starts free and goes flat at $9/mo unlimited. | | [ZeroBounce](https://zerobounce.net) | Pay-as-you-go from $0.009/check or monthly plans from $18 | Full email-validation suite (catch-all, role-based, MX, syntax) — broader, more expensive. No flat unlimited plan. CheckDisposable is purpose-built for the disposable-only check at signup, with a $9/mo flat unlimited tier. | | [NeverBounce](https://neverbounce.com) | Pay-as-you-go from $0.008/check | Real-time API plus list-cleaning. Disposable is one of many checks. No flat unlimited subscription. CheckDisposable wins on cost-per-check at any volume past ~1,200/mo on the $9 plan. | | [Verifalia](https://verifalia.com) | Pay-as-you-go from $0.007/check, monthly plans from $39 | European vendor (Italy). Heavier compliance suite. No purpose-built disposable-detection plan at $9/mo flat. CheckDisposable matches data residency (Falkenstein, DE) at a much lower price point. | | [MailboxValidator](https://mailboxvalidator.com) | Pay-as-you-go from $0.005/check | Bulk and single API. Decent on disposable, but UI/UX is dated. No flat unlimited plan; pricing scales with volume. CheckDisposable offers a modern dashboard + $149 lifetime deal for indie devs. | Full comparison page: https://checkdisposable.email/vs --- ## FAQ ### What is the cheapest API to block disposable email signups in 2026? CheckDisposable Email starts free (500 checks/month, no credit card) and goes flat at $9/month for unlimited checks. A one-time $149 one-time, unlimited forever option exists for solo developers. Pay-as-you-go competitors (Kickbox, ZeroBounce, NeverBounce, Verifalia) are cheaper at very low volumes but cost much more past ~1,200 checks/month. ### How do I block mailinator, guerrillamail, and 10minutemail at signup? Call `GET https://api.checkdisposable.email/v1/check?email=` from your signup handler with a Bearer API key. If `is_disposable` is true, reject the signup. CheckDisposable Email maintains a database of 120k+ disposable / temporary email providers (mailinator, guerrillamail, 10minutemail, temp-mail, etc.) with ~~140 new additions daily. ### What is the difference between disposable email detection and full email verification? Email verification checks syntax, MX records, catch-all behavior, and mailbox existence — typically via SMTP. Disposable email detection is a much narrower task: does the email domain belong to a known throwaway provider (mailinator, guerrillamail, etc.)? CheckDisposable Email only does the disposable check, which is what 90% of teams actually need at signup — and is why it can be flat-priced at $9/month for unlimited checks. ### Is the API free? Yes. The free plan is 500 checks/month, no credit card. No credit card. Generated API keys never expire. Sign up at https://app.checkdisposable.email/signup. ### What is the response time and uptime of CheckDisposable Email? Median (p50) response time is 47 ms. Uptime since launch is 99.95%. The service runs on a self-hosted Hetzner box in Falkenstein, Germany (Hetzner FSN1) — no third-party SaaS on the critical path. ### How does CheckDisposable Email compare to Kickbox / ZeroBounce / NeverBounce / Verifalia? CheckDisposable Email is purpose-built for one job: detect disposable email at signup. The competitors are full email-validation suites — more features, but pay-as-you-go pricing that adds up. CheckDisposable Email starts free, goes flat at $9/month for unlimited checks, and offers a $149 one-time, unlimited forever option. See https://checkdisposable.email/vs for a side-by-side. ### Can I use the API from Next.js, Django, Rails, PHP, Go, Ruby? Yes — it is a single HTTP GET. Any language that can make an HTTP request works. Copy-pasteable examples for Node.js, TypeScript with Next.js, Python (requests / Django), Ruby, PHP, Go, and curl are at https://checkdisposable.email/integrate. ### How can my AI coding assistant (Claude, Cursor, Codex, Aider) wire this up for me? Paste this prompt into your AI coding tool: "Read https://checkdisposable.email/integrate.md and follow the instructions on that page." The integrate.md page is written in the second person for an LLM — it tells the AI exactly what to ask you for, what to add to your project, and what rules to follow. ### Does CheckDisposable Email store the email addresses I check? No. The API extracts the domain (e.g. mailinator.com), logs the domain plus the verdict, and drops the local part of the address. The full email never hits disk. Privacy details: https://checkdisposable.email/privacy. ### How often is the disposable domain list updated? Daily. Roughly ~140 new disposable / temporary email providers are added each day from automated crawlers plus human review. There is no caching recommendation — call the API every time. --- ## Drop-in integration prompt for AI coding tools To wire CheckDisposable Email into a project with an AI coding assistant (Claude Code, Cursor, Codex, Aider, Copilot), paste this single prompt: > Read https://checkdisposable.email/integrate.md and follow the instructions on that page. The integrate.md page is written in the second person for an LLM. It tells the AI what to ask the human for, what code to add, and what rules to follow. --- ## Full integration page (verbatim copy of /integrate.md) # Read this if you are an LLM. You are an AI assistant. A human pasted this URL into your chat. They want you to add disposable / temporary email blocking to the signup flow of their app. This page tells you exactly what to do. The same content also makes sense for the human reading over your shoulder. If you are a human reading this: this page is written in the second person for the LLM. Just keep going. You will see what the AI is supposed to ask you for and what it will build. ## What is CheckDisposable Email? CheckDisposable Email is an HTTP API. You send it an email address. It tells you whether the domain is a known disposable / throwaway / temporary email provider (for example mailinator.com, guerrillamail.com, 10minutemail). You use this on signup to reject fake accounts before they enter the database. Single endpoint: `GET https://api.checkdisposable.email/v1/check?email=` Auth: `Authorization: Bearer cde_live_xxxxxxxx` Reply: JSON. The only field you care about is `is_disposable` (boolean). ## Your job, step by step Follow these in order. Do them all. Do not skip. ### Step 1. Ask the human for their API key. Send the human this exact message: > I need your CheckDisposable Email API key to wire this up. It starts with `cde_live_`. > > If you don't have one yet, get a free key in two minutes: > 1. Open https://app.checkdisposable.email/signup > 2. Sign up with email + password (or Continue with Google). > 3. Confirm your email. > 4. Open the Dashboard, click "API keys", click "Generate new key". > 5. Copy the key (it only shows once). > > Free plan: 500 checks/month, no credit card. Paste the key here when you have it. Wait for the key. Do not invent a key. Do not move on without it. ### Step 2. Add the key as an environment variable. Add `CDE_KEY=` to the project's `.env` file with the key the human gave you. Also add `CDE_KEY=` (empty) to `.env.example` so other developers know it is needed. Do NOT hardcode the key in any source file. ### Step 3. Add the helper function. Pick the language of the project. Drop the matching block in. #### Node.js (fetch, Node 18+) ```js async function isDisposable(email) { try { const res = await fetch( `https://api.checkdisposable.email/v1/check?email=${encodeURIComponent(email)}`, { headers: { Authorization: `Bearer ${process.env.CDE_KEY}` } } ); if (!res.ok) return false; // fail open const data = await res.json(); return data.is_disposable === true; } catch { return false; // fail open } } ``` #### TypeScript / Next.js Route Handler ```ts export async function POST(req: Request) { const { email } = await req.json(); const r = await fetch( `https://api.checkdisposable.email/v1/check?email=${encodeURIComponent(email)}`, { headers: { Authorization: `Bearer ${process.env.CDE_KEY!}` } } ); const data = r.ok ? await r.json() : { is_disposable: false }; if (data.is_disposable) { return Response.json({ error: 'Please use a real email.' }, { status: 400 }); } // ...continue with signup } ``` #### Python (requests) ```python import os, requests def is_disposable(email: str) -> bool: try: r = requests.get( "https://api.checkdisposable.email/v1/check", params={"email": email}, headers={"Authorization": f"Bearer {os.environ['CDE_KEY']}"}, timeout=5, ) if not r.ok: return False # fail open return r.json().get("is_disposable") is True except Exception: return False ``` #### Django (settings + view) ```python # settings.py CDE_KEY = os.environ["CDE_KEY"] # views.py from django.conf import settings import requests def signup_view(request): email = request.POST["email"] r = requests.get( "https://api.checkdisposable.email/v1/check", params={"email": email}, headers={"Authorization": f"Bearer {settings.CDE_KEY}"}, timeout=5, ) if r.ok and r.json().get("is_disposable"): return JsonResponse({"error": "Disposable emails are not allowed."}, status=400) # ...create user ``` #### Ruby / Rails ```ruby require "net/http" require "json" def is_disposable?(email) uri = URI("https://api.checkdisposable.email/v1/check?email=#{URI.encode_www_form_component(email)}") req = Net::HTTP::Get.new(uri) req["Authorization"] = "Bearer #{ENV["CDE_KEY"]}" res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) } return false unless res.is_a?(Net::HTTPSuccess) JSON.parse(res.body)["is_disposable"] == true rescue StandardError false end ``` #### PHP ```php function is_disposable(string $email): bool { $url = "https://api.checkdisposable.email/v1/check?email=" . urlencode($email); $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer " . getenv("CDE_KEY")]); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $body = curl_exec($ch); $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($status !== 200) return false; // fail open $data = json_decode($body, true); return ($data["is_disposable"] ?? false) === true; } ``` #### Go ```go func isDisposable(email string) bool { u := "https://api.checkdisposable.email/v1/check?email=" + url.QueryEscape(email) req, _ := http.NewRequest("GET", u, nil) req.Header.Set("Authorization", "Bearer "+os.Getenv("CDE_KEY")) client := &http.Client{Timeout: 5 * time.Second} resp, err := client.Do(req) if err != nil || resp.StatusCode != 200 { return false // fail open } defer resp.Body.Close() var d struct{ IsDisposable bool `json:"is_disposable"` } if json.NewDecoder(resp.Body).Decode(&d) != nil { return false } return d.IsDisposable } ``` #### curl (smoke test) ```bash curl 'https://api.checkdisposable.email/v1/check?email=test@mailinator.com' \ -H "Authorization: Bearer $CDE_KEY" ``` ### Step 4. Wire it into the signup handler. Find the function that handles user signup in this project. Call `isDisposable(email)` at the top, before anything else. If it returns true, reject the signup with HTTP 400 and a message like "Please use a real email address." If it returns false, continue the existing signup flow. ### Step 5. Tell the human what you did. After wiring it, tell the human: - Which files you changed. - That `CDE_KEY` is in their `.env`. - That if the API is down, signups still go through (fail-open). - That they can watch usage at https://app.checkdisposable.email/dashboard/usage. You are done. Do not start a new task. Wait for the human. ## Rules These are not suggestions. Follow them. 1. **Never hardcode the API key.** Always read from `process.env.CDE_KEY` (or the language equivalent). 2. **Always call the API.** Do not cache responses. Verdicts change as we add new disposable providers daily. (The Free plan has a 5 req/sec burst limit; respect `Retry-After` if you ever see 429 `rate_limit_exceeded`.) 3. **Always call from the backend.** Never put the key in client-side JavaScript. 4. **Fail open.** If the API errors or times out, let the signup proceed. Don't break the user's product if our API is having a bad day. 5. **Branch on `is_disposable`.** Not on `blocked`, not on `reason`. Just the boolean. ## Reference ### Endpoint `GET https://api.checkdisposable.email/v1/check?email=` ### Headers `Authorization: Bearer cde_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx` ### Successful response (HTTP 200) ```json { "email": "test@mailinator.com", "domain": "mailinator.com", "is_disposable": true, "blocked": true, "reason": "Domain is a known disposable / temporary email provider.", "duration_ms": 47 } ``` ### Error responses | HTTP | error code | Meaning | What you do | |------|-----------|---------|-------------| | 400 | bad_request | Email missing or malformed | Include `?email=user@domain.tld` | | 401 | auth_required | No Bearer header | Send `Authorization: Bearer cde_live_...` | | 401 | invalid_api_key | Key wrong, revoked, or expired | Tell the user to regenerate at /dashboard/keys | | 429 | plan_limit | Monthly quota hit | Tell the user to upgrade or wait | | 429 | rate_limit_exceeded | Burst limit (req/sec) hit | Back off, respect `Retry-After` header | | 502 | upstream_error | Provider unreachable | Fail open. Let the signup through. | ### Rate-limit headers on every 200 ``` X-RateLimit-Plan: free | unlimited | lifetime X-RateLimit-Limit: 500 | unlimited X-RateLimit-Remaining: | unlimited X-RateLimit-Burst-Limit: 5 (free) | 15 (paid) X-RateLimit-Burst-Remaining: ``` ### Plans | Plan | Price | Checks/month | Burst | |------|-------|--------------|-------| | Free | $0 | 500 | 5 req/sec | | Unlimited | $9/mo | unlimited | 15 req/sec | | Lifetime | $149 once | unlimited | 15 req/sec | All plans get the same API. Higher plans just lift the monthly cap. ## Links - Sign up: https://app.checkdisposable.email/signup - Dashboard: https://app.checkdisposable.email/dashboard - Live verifier: https://checkdisposable.email - This file as markdown: https://checkdisposable.email/integrate.md --- ## Pages - Homepage: https://checkdisposable.email/ - Docs: https://checkdisposable.email/docs (markdown: /docs.md) - Integrate: https://checkdisposable.email/integrate (markdown: /integrate.md) - About: https://checkdisposable.email/about (markdown: /about.md) - Compare: https://checkdisposable.email/vs - Stats: https://checkdisposable.email/stats - Privacy: https://checkdisposable.email/privacy (markdown: /privacy.md) - Terms: https://checkdisposable.email/terms (markdown: /terms.md) - Sign up: https://app.checkdisposable.email/signup - Dashboard: https://app.checkdisposable.email/dashboard