Email & Temp Mail Glossary
Plain-English definitions of the terms behind temporary email, privacy and deliverability — from disposable inbox and alias to SPF, DKIM and OTP. Each entry links to a deeper guide where we have one.
- Alias
- An alternative email address that forwards to your real inbox. Giving each service its own alias lets you see who leaked or sold your address and shut down just that alias without exposing your primary address. Read more →
- API key
- A secret token that authenticates programmatic requests to an API. EvilMail sends it in the X-API-Key header so software can create inboxes and read mail without a login. Read more →
- Blocklist (blacklist)
- A list of IP addresses or domains flagged as sources of spam or abuse. If a sending domain lands on a major blocklist, its mail is rejected or sent to spam by many providers.
- Bounce (hard / soft)
- A delivery-failure notice. A hard bounce is permanent (the address does not exist); a soft bounce is temporary (mailbox full, server down) and may succeed on retry. Read more →
- Burner email
- A throwaway address used once — typically to receive a single verification code or download — and then abandoned. A synonym for a disposable email address.
- Catch-all
- A mailbox rule that accepts mail sent to any address at a domain, even addresses that were never explicitly created. Useful for owning an entire domain’s worth of unlimited addresses. Read more →
- Deliverability
- The likelihood that a legitimate email actually reaches the inbox rather than the spam folder or a bounce. It depends on sender reputation, authentication (SPF/DKIM/DMARC) and content. Read more →
- Disposable email
- A real, working inbox meant to be used for a short time and then discarded. It receives mail like any address but is never tied to your identity or primary inbox. Read more →
- DKIM
- DomainKeys Identified Mail — a cryptographic signature added to outgoing mail that lets receivers verify the message was really sent by the domain and was not altered in transit. Read more →
- DMARC
- A policy published in DNS that tells receiving servers what to do when SPF and DKIM checks fail — accept, quarantine, or reject — and where to send authentication reports. Read more →
- DNS
- The Domain Name System — the internet’s address book that maps domain names to servers. Email relies on DNS records such as MX, SPF, DKIM and DMARC. Read more →
- Envelope
- The routing information exchanged between servers during an SMTP conversation (the real sender and recipient). It is separate from the visible From/To headers inside the message. Read more →
- Device fingerprinting
- Identifying a device from a combination of its browser and network characteristics. Anti-abuse systems watch how often a fingerprint reappears to spot bots creating many inboxes.
- Forwarding
- Automatically redirecting mail arriving at one address to another. It underpins aliases: mail hits the alias and is forwarded to your real inbox. Read more →
- Greylisting
- An anti-spam tactic where a server temporarily rejects mail from an unknown sender, expecting a legitimate server to retry shortly. It can add a short, one-time delay to first delivery.
- Email header
- The metadata at the top of a message — From, To, Subject, Date and the chain of Received lines — that records where a message came from and how it travelled. Read more →
- Honeypot
- A hidden form field or unadvertised address designed to catch automated bots. Humans never touch it, so anything that fills it in is almost certainly automation.
- IMAP
- Internet Message Access Protocol — a way to read mail while it stays on the server, keeping the same view in sync across all your devices. Read more →
- MX record
- A DNS record that names the mail server responsible for receiving email for a domain. Without a correct MX record, a domain cannot receive mail. Read more →
- OTP (one-time password)
- A single-use, short-lived verification code sent by email or SMS, or generated by an app. It is deliberately fragile: once used or expired, it is worthless. Read more →
- Passkey
- A phishing-resistant login credential based on public-key cryptography. The secret never leaves your device and is tied to the real site, so a fake site cannot capture it. Read more →
- Phishing
- Fraudulent messages that impersonate a trusted party to trick you into revealing passwords, codes or payment details. A legitimate service never asks you to read a code aloud. Read more →
- POP3
- Post Office Protocol v3 — an older protocol that downloads mail to one device and typically deletes it from the server, unlike IMAP which keeps it in sync. Read more →
- Rate limit
- A cap on how many requests are allowed within a time window. APIs and anti-abuse systems use rate limits to stop bursts of automated abuse without blocking normal use.
- SMTP
- Simple Mail Transfer Protocol — the standard that mail servers use to send and relay messages to one another across the internet. Read more →
- Spam filter
- A system that scores incoming mail on many signals — sender reputation, authentication, content — and quarantines anything that looks unwanted. Automated verification mail is often caught here.
- SPF
- Sender Policy Framework — a DNS record listing which servers are allowed to send mail for a domain, so receivers can reject forgeries claiming to be from it. Read more →
- Temporary email
- A short-lived, throwaway inbox — a synonym for disposable email. You use it to receive a message, then let it expire without connecting it to your identity. Read more →
- TOTP
- Time-based One-Time Password — the rotating six-digit code an authenticator app produces from a shared secret and the current time, with no network delivery involved. Read more →
- TTL (time to live)
- How long something stays valid before it expires — for a DNS record, how long it may be cached; for a temporary inbox, how long it lives before self-deleting.
- Two-factor authentication (2FA)
- Requiring a second proof of identity beyond your password — a code, an app, or a passkey — so a stolen password alone is not enough to break in. Read more →
- Webhook
- An HTTP callback that a service sends to your server when an event happens, so you receive updates in real time instead of repeatedly polling an API.

