Disposable email addresses are quite widespread and for different reasons. Some people believe that using throwaway or temporary email addresses helps them protect their privacy. Others, however, use these in more questionable endeavors — hence the relevance of monitoring disposable email domains.

Doing so can help organizations keep spam and phishing emails away and improve key email marketing metrics. Email security solutions can further be strengthened too with a list of disposable email domains at hand.

We analyzed one such a list which, as of 31 July 2020, contained 109,352 disposable email domains. This is enough to create millions of throwaway email addresses.

Categorizing Our List of Disposable Email Domains

The list of disposable email domains that we obtained contains a wide range of domain names, but four categories stood out.

Random-Looking Email Domains

First on the list are random-looking and what could be machine-generated email domains. It is possible that these were created using a domain generation algorithm (DGA), a common method that allows malware families to communicate with their command-and-control (C&C) servers while evading detection. Some disposable email domains are random strings of numeric characters such as:

• 01428570[.]xyz
• 01502[.]monster
• 0164445[.]com
• 01689306707[.]mobi

Some make use of alphanumeric characters:

• 00b2bcr51qv59xst2[.]cf
• 00b2bcr51qv59xst2[.]ga
• 0440tlrfm056aznoelu9775[.]com
• 0440tvrzee5qzzbpreu8481[.]com

The last two disposable email domains above were deemed suspicious and spammy according to VirusTotal.

Typosquatting Email Domains

We also noticed some online entities on the list of disposable email domains that seem to be mimicking popular brands. These domains could have been created in the hope that users mistype the brands' official domains. They could also be used to mislead users into opening a phishing or scam email.

Three disposable email domains on the list seem like PayPal copycats. These are via-paypal[.]com, paypal[.]comx[.]cf, and paypalserviceirc[.]com. Three may not be a huge number, yet via-paypal[.]com has already been reported for phishing.

About a dozen disposable email domains also seem to mimic avito[.]ru. Based on WHOIS Lookup results, none of these are under Avito Holding AB, the registrant organization indicated in the WHOIS record of avito[.]ru.

• avito-boxberry[.]ru
• avito-dilivery[.]ru
• avito-office[.]ru
• avito-package[.]ru
• avito-payshops[.]ru
• avito-repayment[.]online
• avito-safe[.]online
• avito-save[.]online
• avitoguard[.]online
• avitosafe[.]online
• avitoxpress[.]online

Avito is the largest classified ads website in Russia and the second-largest globally, next to Craigslist. Anyone that lands on an imitation website could become a victim of data theft, ransomware, and other cybercrime.

Coronavirus- and COVID-19-Inspired Email Domains

The list of disposable email domains detected more than 30 domain names related to coronavirus and COVID-19. Some suggest providing news updates and information about the coronavirus, while others allude to discussing the pandemic's economic effects.

A number of the pandemic-inspired email domains are associated with phishing, malware, and other suspicious activities.

Finance-Targeted Email Domains

Hundreds of finance-related domains were also on the list of disposable email domains. We used the strings "crypto," "insurance," "loan," and "bank." These email domains could be used in scams and cyber attacks targeting financial institutions.

Breaking Down the List of Disposable Email Domains by TLD

Several studies have established that people tend to trust URLs and domains with the .com generic top-level domain (gTLD). In terms of usage in disposable email domains, .com also takes the lead, accounting for about 34% of the total disposable email domains. The remaining email domains are distributed between 126 other TLDs.

The chart below shows the top 20 TLDs used in the list of disposable email domains. Of the 20 TLDs, eight are country code TLDs (ccTLDs), namely, .ru, .tk, .ga, .ml, .cf, .gq, .us, and .pl.

Knowing that shady individuals sometimes use disposable email addresses, people should not trust recipients based on TLD usage alone.

This short analysis of the list of disposable email domains shows that there is a need to protect networks from disposable email addresses. These email domains could serve as an entry point for attackers to carry out malware infections, financial scams, data theft, and other forms of cybercrime.