How to check if an email is disposable (3 methods that actually work)

• Fastest single check? Paste the address into the free user.cleaning verifier — domain match returns in 1–3 seconds.
• Best for production signup forms? A real-time API call that runs before the account is created.
• Cheapest fallback? A community-maintained disposable-domain list as a client-side hint. Not sufficient for actual signup blocking — these lists are incomplete and lag the real disposable-provider population by days to weeks.

A disposable address that gets through your signup form costs you in three places: the account exists in your CRM but won't activate, your email metrics are skewed, and your sender reputation slowly degrades from sending to inboxes that are never read.

Catching disposable addresses at signup is dramatically cheaper than cleaning them up later. A single API call before the form submits prevents the bad data from ever entering your system. Cleanup after the fact requires re-verifying the entire list, suppressing the matched contacts in every downstream tool, and explaining the lower numbers to whoever owns the dashboard.

Definitions and background are covered in the companion post on what a disposable email address is. This post focuses on the mechanics of detection.

Warning first: community-maintained disposable-domain lists are incomplete. They typically track a fraction of the real disposable-provider population, lag the actual market by days to weeks, and miss the majority of newly-spun-up domains. They are useful as a zero-cost client-side hint or fallback — they are not enough on their own for any business where fake signups have real cost. Always pair them with a continuously-updated server-side source.

With that disclaimer: download a community-maintained list and check incoming addresses against it. Action checklist:

1. Fetch the list as JSON from a public source.
2. Load the domain list into a Set or hashmap at app startup.
3. Extract the domain from the submitted address (the part after @, lowercased).
4. Check whether the domain is in the set. If yes, reject or flag.
5. Refresh the list weekly via cron or CI job.

Sample Node.js implementation:

const disposableDomains = new Set(
  await fetch("https://example.com/your-disposable-list.json")
    .then(r => r.json())
);

function isDisposable(email) {
  const domain = email.toLowerCase().split("@")[1];
  return disposableDomains.has(domain);
}

The trade-off is freshness. New disposable providers launch every day; community-maintained lists lag by days or weeks. Expect to miss a significant share of disposable signups — easily 20–50% compared to a continuously-updated commercial source.

Call an email verification API at form submit. The API checks the address against a continuously updated list, performs MX inspection, and returns a verdict in under one second.

Sample call to user.cleaning's verification API:

const response = await fetch("https://api.user.cleaning/v1/verify", {
  method: "POST",
  headers: { "Authorization": `Bearer ${API_KEY}`, "Content-Type": "application/json" },
  body: JSON.stringify({ email: submittedEmail })
});

const { category, is_disposable, mx_present } = await response.json();

if (is_disposable) {
  return { error: "Please use a permanent email address." };
}

Action checklist:

1. Sign up for an API key (user.cleaning gives 100 free credits, no card required).
2. Add the call to your signup endpoint, before account creation.
3. Time-box the call to 800ms with a fallback to 'allow' so the form never hangs.
4. Log the verdict for every submission to track how the disposable share changes over time.
5. Surface a friendly error message; don't expose the raw API response.

The latency cost is 200–600ms per call. For most signup flows that's acceptable; for high-volume API integrations it pays to cache results for 24 hours per address.

Many form-builder tools and signup libraries ship with disposable-domain blocklists baked in. The list is usually smaller and updated less frequently than commercial APIs, but you get coverage for free.

Tools that include disposable-domain checks out of the box:

• Auth0 (in their Universal Login form)
• Stripe Checkout (for new account creation)
• Most modern form-builder SaaS (Typeform, Tally, Fillout)
• React libraries like email-validator with the disposable-emails plugin

This works as a fallback layer. Use it for low-stakes signups (newsletter, blog comments) where the false-negative rate doesn't matter much.

For any signup flow where a fake account costs you anything, an open-source list alone is not sufficient — its coverage is too narrow and its update cadence is too slow. The pragmatic pattern is to layer them: open-source list as an instant client-side hint, commercial API as the authoritative server-side gate on every submit.

If you want to verify a single suspicious address without any tooling, three signals usually give it away:

1. The local part is random characters (xz9k2m@...), not a name or word.
2. The domain is unfamiliar and short (often four to seven letters).
3. A quick search for the domain returns 'temporary email' or '10-minute mail' results.

The free user.cleaning verifier automates the same check and adds MX inspection — useful when the domain looks legitimate but isn't.

Blocking is the right default for accounts with meaningful unit economics. The error message matters, though — 'invalid email' is frustrating to a user who just typed a real address into a domain you don't recognize.

Better copy patterns:

• 'We don't accept temporary email addresses. Please use your work or personal email.'
• 'This email provider is on our blocklist. Try another address?'
• For B2B forms: 'Please use your company email address.'

The third version doubles as a lead-quality filter — disposable-blockers and free-provider-blockers (@gmail.com rejection) often run together for B2B SaaS targeting larger accounts.

A counterpoint, from a thread on r/SaaS: a founder posted that strict disposable-blocking dropped their free-trial signups by 18%, but free-to-paid conversion went up enough that net revenue increased. The math depends on your funnel.