Everything about using SecondInbox .

A temporary email address is a disposable inbox that lasts for a short, fixed period and then goes away along with every message inside it. It lets you receive email — verification codes, magic links, confirmations, newsletters — without handing over your real address. The usual reason is to keep your main inbox clean and your identity out of third-party mailing lists.

Yes. No paid tier, no feature paywalls, no credit-card-required trial. The core service — creating inboxes, receiving mail, downloading attachments, extending timers — is free and stays that way.

No. You can create inboxes and read mail completely anonymously. Creating a (free) account does one thing only: it ties your inboxes to a user record so they persist across browser sessions and devices. Same features, same limits, same 30-minute default TTL.

Each of our domains is wired up to Cloudflare Email Routing. When mail arrives for one of our addresses, Cloudflare forwards it to a webhook on our servers, which parses it, stores it against the right inbox, and surfaces it on your inbox page in real time.

By default an inbox lasts 30 minutes from the moment you create it. A live countdown on the inbox card shows how much time is left. When it hits zero, the address stops accepting mail and every message inside becomes inaccessible.

You can extend as many times as you like while the inbox is still active. Extending resets the timer back to 30 minutes from now — it does not stack on top of the time remaining. So tapping Extend with 5 minutes left gives you 30, not 35.

Up to 50 per day — counted per account if you are signed in, or per IP address if you are anonymous. There is no cap on how many can be active simultaneously within that daily budget. Switch between them using the address dropdown on the inbox card.

No. The inbox is receive-only by design. If you need to send mail, use your real address or a dedicated alias service. Keeping the service one-way is part of what lets us keep it free, simple, and low-abuse.

Yes. Attachments are fully supported — PDFs, images, documents, archives. They appear at the bottom of the message view and can be downloaded individually. The upstream mail relay enforces a per-message size cap, so extremely large messages may be rejected before they reach us.

Open the message, click the three-dot options menu in the top-right of the reader pane, and choose Download .eml to save the full message to your machine. Attachments can also be downloaded individually from the list at the bottom of the message.

Yes. Click Enable notifications in the inbox toolbar the first time you want them; your browser will ask for permission. After that, new messages trigger a desktop notification even when the tab is in the background — useful when you are waiting on a slow sender.

No. The sender only sees the temporary address you handed them. Nothing about your real email, identity, or device is revealed. That is the whole point of a second inbox.

No. We do not scan messages for advertising, analytics, or training data, and we do not hand them to third parties. The only processing applied is client-side HTML sanitisation — so malicious scripts inside a message cannot run in your browser — and that happens entirely on your machine.

No built-in analytics, tracking pixels, or third-party scripts ship with the service. The site operator can optionally inject a custom head snippet — for example to add a privacy-friendly analytics tool — so if that is the case on the instance you are using, it will be disclosed in its privacy policy.

One, and only as needed: a standard session cookie used to remember which anonymous inboxes belong to your browser. No third-party tracking cookies, no advertising cookies, no cross-site identifiers. Signed-in users also receive an authentication cookie, which is standard and essential.

When you create an anonymous inbox your IP is stored on that inbox record, used exclusively to enforce the 50-per-day creation limit. It is never shared, sold, or used to build a profile, and it is discarded alongside the inbox when it is cleaned up. The webhook that receives incoming mail does not log sender IPs.

The address is deactivated, messages become unreachable through every endpoint, and the inbox, its messages, and their attachments are deleted from our systems. There is no "recently deleted" folder and no recovery path — once an inbox is gone, it is gone.

Persistence. Your inboxes are tied to your account instead of your current browser session, which means they survive closing the tab, switching devices, or clearing cookies. Everything else — limits, features, TTL — is identical to anonymous use.

Most mail arrives within seconds. If yours has not: confirm you pasted the full address including the domain, check that the sender is not filtering disposable-email domains (some services do), and tap Refresh on the inbox toolbar. Messages normally appear without a manual refresh, but a nudge never hurts.

No. Once an inbox is deleted or its countdown reaches zero, the address and every message it held are permanently removed and cannot be restored. The practical fix is to generate a fresh address and repeat the sign-up or verification flow with the sender.

Yes. Create as many as you need within the daily cap and switch between them from the address dropdown on the inbox card. Each has its own countdown and can be extended or deleted independently of the others.