Mail.cx is an email testing platform for developers. It provides instant on-demand inboxes for receiving emails, testing account verification flows, and integrating email reception into your applications via REST API, WebSocket events, and webhooks.

Does Mail.cx have an API?

Yes. Mail.cx provides a full REST API for creating mailboxes, retrieving emails, downloading attachments, and managing custom domains, webhooks, and API tokens. Interactive API documentation is available at mail.cx/api/docs.

Does Mail.cx support webhooks?

Yes. Pro users can configure webhook endpoints to receive real-time HTTP POST notifications when new emails arrive. Webhooks are signed with HMAC-SHA256 for security and include automatic retry with exponential backoff.

Can I use a custom domain with Mail.cx?

Yes. Pro users can add up to 5 custom domains by configuring a TXT record for verification and an MX record pointing to Mail.cx's SMTP server. Each domain requires creating mailbox accounts to receive emails.

Yes. The Free plan includes instant test inboxes, real-time email receiving, WebSocket notifications, and 7-day retention. No credit card required. The Pro plan at $9/month adds custom domains, webhooks, API tokens, and up to 100,000 mailboxes.

How long are emails retained?

All emails are automatically deleted after 7 days for both Free and Pro plans. Attachments and raw .eml files are also permanently removed after expiration.

Privacy Policy & Terms of Service

Last updated: March 2026

Privacy Policy

Overview

Mail.cx provides developer-focused email testing tools, inbox services, and related API functionality. We are committed to protecting your privacy and handling data responsibly. This Privacy Policy explains what information we collect, how we use it, how long we retain it, and how we protect it.

What We Collect

We collect only the minimum information necessary to operate, secure, and improve the service:

Inboxes and email content — used to provide email receiving functionality and automatically deleted after the retention period (default: 7 days)
Registered account information — such as your email address and hashed credentials, used solely for authentication and account access
API tokens — stored only as secure SHA-256 hashes; never stored in plaintext
Server logs — including IP addresses, request timestamps, and limited request metadata, retained for a short period to detect abuse, troubleshoot issues, and maintain service security

What We Do Not Collect

No advertising identifiers or third-party analytics scripts
No selling, renting, or sharing your personal data with advertisers
No collection of personal information beyond what you voluntarily provide or what is technically required to operate the service
We are committed to data minimization — we collect only what is necessary to deliver and secure the platform

Data Retention

We retain data only for as long as necessary to operate the service and protect the platform:

Inboxes, emails, and raw .eml files are automatically deleted after their retention period ends (default: 7 days)
Revoked API tokens are permanently deleted after a limited retention period
Server logs are retained only for a short period for abuse prevention, debugging, and security monitoring — automated deletion is applied wherever practical

Security

We use reasonable technical and organizational measures to protect the platform and stored data, including TLS encryption for data in transit, bcrypt hashing for passwords, SHA-256 hashing for API tokens, and AES-256 encryption for webhook secrets. No internet-connected service can be guaranteed to be completely secure, but we take appropriate steps to reduce risk and protect stored information.

Third-Party Services

Mail.cx does not use third-party advertising, analytics, or behavioral tracking services.

Our infrastructure is hosted on server infrastructure providers and related technical services necessary to deliver the product. In limited cases, standard public DNS resolvers or other network services may be used for domain verification, email routing, security checks, or service operation.

Cookies and Local Storage

Mail.cx does not use tracking cookies.

To support authentication and product functionality, certain tokens, preferences, or session-related data may be stored in your browser using localStorage or similar browser storage mechanisms. This information is used only for the operation of the service and is not shared with third-party advertisers.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, or security practices. When we do, the updated version will be posted on this page with a revised effective or revision date.

Contact

If you have any questions about this Privacy Policy, you may contact us at service@mail.cx.

Terms of Service

1. Acceptance of Terms

By accessing or using Mail.cx, you agree to be bound by these Terms of Service. If you do not agree to these terms, you must not access or use the service.

2. Service Description

Mail.cx provides web-based inbox services, email receiving functionality, and developer tools for testing, integration, and email workflow use cases. The service is receive-only and does not provide email sending functionality.

Inboxes and related message data expire automatically after a limited period of time (default: 7 days). Pro users have access to additional features, including custom domains, API access, webhooks, and API tokens.

3. Accounts

You may use certain parts of the service without creating an account, where such access is made available. Some features require registration with a valid email address and password.

You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account. We reserve the right to suspend, restrict, or disable accounts that violate these Terms of Service or otherwise pose a risk to the service or its users.

4. Acceptable Use

You agree not to use Mail.cx for any unlawful, harmful, abusive, or fraudulent purpose. Prohibited uses include, but are not limited to:

Sending, distributing, or supporting spam, phishing, malware, or other malicious content
Fraudulent activity, impersonation, or identity theft
Unauthorized automated registration or abusive activity on third-party services
Violating applicable laws, regulations, or third-party rights
Attempting to interfere with, disrupt, or attack the service infrastructure, or misusing the API, webhooks, domains, or inboxes in a manner that harms the platform or other users

5. API Usage

API access is subject to usage limits, rate limits, and plan-specific restrictions. Exceeding those limits may result in throttling, temporary suspension, or access restrictions.

You are responsible for keeping your API credentials secure. API tokens must not be exposed publicly or shared in an unauthorized manner. We may suspend or revoke API access in cases of abuse, misuse, security risk, or violations of these terms.

6. Abuse & Rate Limits

To protect the service and all users, Mail.cx enforces rate limits and automated abuse detection. By using the service, you acknowledge and agree to the following:

Mailbox creation, API calls, and other operations are subject to per-IP, per-account, and global rate limits
Automated systems monitor for abnormal patterns, including excessive authentication failures, repeated invalid requests, and high-frequency operations. Accounts or IP addresses that trigger these thresholds may be temporarily or permanently restricted without prior notice
Attempts to circumvent rate limits — such as rotating IPs, forging client identifiers, or scripting around throttling — are considered a violation of these Terms and may result in immediate suspension
Restrictions may be applied automatically or manually by our team. We are not obligated to disclose specific thresholds or detection criteria
If you believe a restriction was applied in error, contact us at service@mail.cx

7. Service Availability

Mail.cx is provided on an "as is" and "as available" basis. While we aim to provide a reliable service, we do not guarantee uninterrupted availability, error-free operation, or permanent access to any feature.

We may modify, restrict, suspend, or discontinue any part of the service at any time, with or without notice.

8. Data Retention and Limitation of Liability

Mail.cx is designed for developer testing and email workflow usage. Messages, inboxes, and related data expire automatically and may be permanently deleted after expiration. We do not guarantee message retention, recovery, or long-term storage. You should not rely on Mail.cx for critical, sensitive, or business-essential communications.

To the fullest extent permitted by law, Mail.cx and its operators shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of data, emails, business, revenue, or opportunity arising out of or related to your use of, or inability to use, the service.

9. Termination

We reserve the right to suspend, restrict, or terminate access to the service, in whole or in part, at our sole discretion, with or without notice, if we believe your use violates these Terms of Service, creates legal or security risk, or may harm the service, users, or third parties.

10. Changes to These Terms

We may update or revise these Terms of Service from time to time. The updated version will become effective when posted on the site. Your continued use of Mail.cx after any changes take effect constitutes your acceptance of the revised terms.