Yopmail empire: 4 brands, 654 domains

By Adrian Crismaru · Founder, vrfymail · Published 2026-05-16

Yopmail is the famous one. Free temp mail, no signup, public inboxes you can read by typing any address into a form. It’s been running since 2007 and is probably the single most-recognized brand in the disposable-email category. What’s less known: yopmail.co is one of four brands run by the same operator, and the four brands together account for 654 disposable mail domains — more than any other operator in the disposable-email graph.

This post traces the empire. The four brands, the MX infrastructure that ties them together, why “yopmail.com” and “yopmail.co” are technically separate operators in our database, and what it means when your signup form sees an address ending in temp-inbox.com or wuuvo.com (both Yopmail-owned, neither obviously Yopmail).

The four brands

The operator entry in our operators table:

{
  "slug": "yopmail-co",
  "display_name": "yopmail.co (+3 brands)",
  "category": "alias-forwarder",
  "evidence_json": {
    "mx_parents": ["above.com"],
    "brands": [
      "temp-inbox.com",
      "yopmail.co",
      "daymail.com",
      "hidemyemail.com"
    ]
  }
}

Four publicly-different brands:

yopmail.co — the new ccTLD variant. Looks like the famous yopmail.com but is a separate registration.
temp-inbox.com — generic temp-mail branding, no surface link to Yopmail.
daymail.com — day-scoped expiration framing, no surface link.
hidemyemail.com — privacy framing, no surface link.

Visit each in a browser and they look like four different products. Different fonts, different layouts, different launch dates (per WHOIS), different stated owners (mostly anonymized via privacy-protect proxies). The only thing they share visibly is the temp-mail pattern: type any address, read the inbox.

What links them mechanically is the MX record.

park-mx.above.com: the shared back-end

Every domain in the yopmail-co cluster — all 654 of them — has its MX pointing at a host under park-mx.above.com. Above.com is a real, public commercial domain-parking service owned by NameMedia. Operators use it as “we’ll handle email for you, just forward it where you tell us” infrastructure.

Yopmail uses Above.com’s mail infrastructure as the back-end for every domain in the four-brand cluster. That’s the smoking gun:

$ dig +short MX tempmail.com
10 park-mx.above.com.

$ dig +short MX wuuvo.com
10 park-mx.above.com.

$ dig +short MX 0-mail.com
10 park-mx.above.com.

$ dig +short MX 1clck2.com
10 park-mx.above.com.

All four are in the Yopmail cluster. All four MX to Above.com. The mechanism that makes Yopmail’s “different brands” actually one operator is one DNS record per domain. We track this in the disposable_mx_patterns table as a parent-domain rule (above.com → operator yopmail-co, verdict alias-forwarder). Any new domain Yopmail spins up tomorrow that points its MX at Above.com is caught at Tier 2b in 50ms, before it ever appears in any blocklist.

Why yopmail.com and yopmail.co are separate operators

Quirk worth noting. In our registry, yopmail.com is a distinct operator entry from yopmail-co:

Slug	Display name	Brands	Domains
yopmail-co	yopmail.co (+3 brands)	4	654
yopmail-com	yopmail.com (+3 brands)	4	119

Same family of brands (probably the same humans behind both), but the MX infrastructure differs enough that we cluster them separately. The .co variant routes through Above.com’s parking; the .com variant has its own MX hostnames under yopmail.com’s own DNS. They could be the same legal entity running two infrastructures; they could be a 2018-era version (yopmail.com) and a 2023-era version (yopmail.co) of the same business with different back-ends. The classification doesn’t depend on which — both clusters return alias-forwarder verdicts and your handler treats them identically.

What Yopmail’s domains actually look like

A sampling from the 654 in the yopmail-co cluster:

Domains that admit they’re Yopmail: yopmail.co, daymail.com, temp-inbox.com, hidemyemail.com
Domains with generic temp-mail branding: tempmail.com, wuuvo.com, 0-mail.com, 1clck2.com, your-domain.com
Domains that look like random web services: tempinbox.xyz, mailmoat.com, mailcatch.com-variants, generic English-word combos
Domains in non-English markets: variants ending in .fr, .de, .es, .ru — all routing through the same Above.com MX

The strategic point: a user trying to signup to your free trial with bob@wuuvo.com doesn’t know they’re using Yopmail. Your spam filter doesn’t know either, because wuuvo.com is a “generic-looking” disposable not on most static blocklists. The MX-pattern detection is what catches it.

Why “alias-forwarder” not “disposable”

Yopmail’s user-facing experience is “public temp-mail” — type any address, read the public inbox. The mechanical reality is closer to “forwarder to a public destination.” The MX server receives the inbound message and routes it into a public storage layer accessible by anyone who knows the address. Our verdict reflects the mechanical reality (alias-forwarder) rather than the user-facing framing (disposable).

Either way, the practical handling is the same: when /v1/check hits a Yopmail-cluster domain, you get a verdict like:

{
  "result": "risky",
  "reason": "alias_forwarder",
  "reason_message": "This address forwards to another mailbox. Allow if the user is logging in via that mailbox; flag if you're enforcing one-account-per-person rules.",
  "did_you_mean": null
}

If your business rules treat alias-forwarders as undeliverable (B2B, regulated industries, paid trials), you can flip the verdict client-side. We cover the soft-vs-hard verdict choice in detail on /prevent-disposable-email-signups/.

Three implications:

Don’t trust a domain’s name. tempmail.com and wuuvo.com look as different as any two random domains. Mechanically they’re the same operator and your handler should treat them the same.
A static blocklist won’t keep up. Yopmail can register a new domain, point its MX at Above.com, and ship the new “brand” before any maintainer adds it to a list. MX-pattern detection catches it on day one.
One operator can fake a thousand-user campaign. A bad actor with a real Gmail and access to a Yopmail-cluster domain can sign up to your free trial under bob1@wuuvo.com, bob2@temp-inbox.com, bob3@daymail.com, and so on, reading every confirmation email at the public yopmail.co inbox. The pattern is the same as the alias forwarder trick we covered separately, just with public storage.

How the operator graph protects against this

Every domain in the Yopmail cluster flows through the same operator entry in our disposable email checker API. When the operator’s MX backend gets caught, every domain that routes through it gets the verdict — including domains spun up after the catch.

The detection runs at 50ms p50 (parallel MX + DBL probe on cold path; 5µs on cache hits). Compatible with synchronous signup-form validation; no async-verify post-hoc workarounds required.

FAQ

Is using Yopmail illegal or against ToS?

Not illegal anywhere we’re aware of. Most B2C product terms of service prohibit “disposable, temporary, or forwarding email addresses” — so using Yopmail to sign up to a service that bans it is a ToS violation, not a legal violation. Enforcement varies wildly.

Why does yopmail.co show “alias-forwarder” and not “disposable”?

Because mechanically that’s what it is. The MX server receives mail and routes it into a forwarding destination (in Yopmail’s case, a public inbox addressable by anyone who knows the address). Our verdict reflects mechanical reality, not user-facing framing. Either way, the recommended handling is result: risky — let your business rules decide block-or-warn.

Are temp-inbox.com, daymail.com, hidemyemail.com really run by Yopmail?

Based on shared MX infrastructure (all four MX at park-mx.above.com) and our internal fingerprint analysis: yes, with high confidence. The WHOIS records use privacy-protect proxies, so we can’t trace ownership through registration data, but the operational infrastructure is unmistakably one cluster.

Can my form block Yopmail without blocking SimpleLogin or DuckDuckGo Email?

Yes. Both alias-forwarder and risky verdicts ship with the operator identity. You can write your handler to allow operator: simplelogin-io | mozmail-com | duck-com | anonaddy-com while blocking operator: yopmail-co | yopmail-com. The detection table separates the categories cleanly.

What about the rest of the disposable-email industry — does Yopmail dominate?

In domain count, yes — yopmail-co’s 654 domains is the largest single cluster. In market share among actual signup-form traffic we see, the picture is more balanced; mailinator (254 domains, more brand recognition), 1secmail, mail.tm, and a few others get hit at higher rates per-domain. We broke down the full operator graph in the 638-operator post.

Catch every Yopmail-cluster domain in one API call

vrfymail’s /v1/check runs the operator graph on every verify — 5µs cache hit, 50ms p50 cold path. Free tier covers 5,000 verifies/month with no card. Get an API key →

Updated 2026-05-16