帮助中心

mail.cx is an email service for developers to receive and test emails. It provides instant on-demand inboxes for receiving emails, testing account verification flows, and integrating email reception into your applications via REST API and SSE events.

Visit mail.cx, optionally enter a username (or leave blank for a random one), select a domain, and click "Get this address". Your inbox is ready immediately — no sign-up required.

Each inbox lasts 1 hour by default. After expiration, all emails, attachments, and address data are permanently deleted. Raw email files in object storage expire after 75 minutes.

No. You can create inboxes and receive emails without signing up. Sessions are cookie-based and tied to your IP prefix for security. Creating an account unlocks additional features like API tokens and custom domains.

Go to mail.cx/register and sign up with email and password, or use Google or GitHub login. Passwords must be at least 8 characters with at least 1 letter and 1 digit.

mail.cx supports email/password login, Google login (via Google Identity Services), and GitHub login (via OAuth authorization code flow).

Free plan: 1 API token, 85 requests/minute, 1,500 Ops/month, 1 custom domain. Pro plan ($4/month): 10 API tokens, 20 requests/second burst, 200,000 Ops/month, 10 custom domains, and priority support.

All verified custom domains are disabled and stop receiving emails. Your API token quota is reduced to 1, but excess tokens are not deleted — they remain inactive until you are within the Free plan limit. Existing emails in your inboxes are not affected.

Usernames must be 3–20 characters, lowercase letters (a–z), digits (0–9), dots (.), underscores (_), and hyphens (-) only. Usernames cannot start or end with a dot, underscore, or hyphen. Some names are reserved (e.g. admin, postmaster, abuse).

Yes. mail.cx supports WebSocket connections for real-time push notifications when a new email arrives. Guest users get 1 WebSocket connection per inbox; registered users get up to 3 simultaneous connections. The server pings every 30 seconds with a 35-second timeout.

If the raw .eml file in storage expires (75-minute TTL) before the cleaner runs, the API returns HTTP 410 Gone with {"error":"email_expired"} and marks the email as expired in the database.

Yes. The SMTP gateway accepts emails up to 1 MB. Emails exceeding this limit are rejected by the SMTP server.

All API requests require an API token sent via the x-api-token HTTP header. Tokens follow the format tm_live_ followed by 64 hexadecimal characters (72 characters total). Tokens are stored as SHA-256 hashes — mail.cx never stores your token in plaintext.

Free plan: 1 token. Pro plan: up to 10 tokens. Web session tokens (created on login) do not count toward this quota.

API tokens are only displayed once at creation and cannot be retrieved later. If you lose a token, revoke it and create a new one. Revoking a token frees up the slot.

All API requests should be made to https://api.mail.cx. HTTPS is required for all endpoints.

Go to Dashboard → Domains, click "Add Domain" and enter your domain (e.g. mail.example.com). Then configure 2 DNS records: 1. TXT record: Host = _tempmail.yourdomain.com, Value = tempmail-verify={token} 2. MX record: Host = yourdomain.com, Value = smtp.mail.cx, Priority = 10

mail.cx checks DNS records every 5 minutes. Verification typically completes within 5 minutes to 48 hours depending on your DNS provider's propagation speed. If the domain is not verified within 72 hours, it is marked as failed.

Free plan: custom domains not available. Pro plan: up to 10 domains.

No. Custom domains work as catch-all — any email sent to anything@yourdomain.com will be received automatically. You don't need to create individual mailboxes.

Rate limits are applied in layers: - Guest: 72 requests/minute per IP - Free users: 85 requests/minute per user - Pro users: 20 requests/second burst per user SMTP: rate limited per sender IP, up to 200 concurrent connections.

Ops is a unified monthly quota. Each email received by a registered user consumes 1 Op. API calls do not consume Ops. Guest users are not subject to Ops limits. Free plan: 1,500 Ops/month. Pro plan: 200,000 Ops/month. Your current usage is shown in the response headers X-Ops-Limit and X-Ops-Remaining. The quota resets at the beginning of each calendar month.

You receive HTTP 429 Too Many Requests with a Retry-After header indicating how long to wait. For Ops quota exhaustion, the response is also 429 with {"error":"ops_quota_exceeded"} but without a Retry-After header — the quota resets monthly.

For guest users, yes. Mailbox creation has multi-dimensional rate limits: - Global cap: 500 mailboxes/minute - Per IP: 400/day - Per client ID: 40/minute, 120/day - High-risk requests (no Origin/Referer): 1/minute per IP Authenticated users (Free and Pro) are not subject to mailbox creation limits.

All connections use TLS encryption. Passwords are hashed with bcrypt. API tokens are stored as SHA-256 hashes. mail.cx does not use tracking cookies, third-party analytics, or advertising services.

Emails and mailboxes are automatically deleted after the inbox expires (1 hour by default). Raw .eml files expire after 75 minutes in object storage. Revoked API tokens are permanently deleted after 7 days. The cleanup process runs every 5 minutes.

No. Custom domains are private to your account. When logged in, only you see your domains in the dropdown. Other users never see your custom domains or emails.

mail.cx has automatic abuse detection: - More than 20 failed authentication attempts (401) in 10 minutes → IP banned for 1 hour - More than 50 not-found errors (404) in 10 minutes → token banned for 30 minutes - More than 100 rate limit errors (429) in 1 hour → IP banned for 24 hours Authenticated users are exempt from 429-based IP bans. Bans apply to API, WebSocket, and guest routes.

Pro costs $4/month, billed monthly via Paddle.

Yes. You can request a full refund within 14 days of your initial subscription payment — no questions asked. Contact service@mail.cx or Paddle directly via your payment receipt. Refunds are processed within 3 business days.

Your Pro plan is immediately downgraded to Free. API token quota is reduced to 1. Custom domains are disabled. Existing emails in your inboxes are not affected and expire normally.

Yes. You can cancel at any time. Pro features remain active until the end of your current billing period. There are no refunds for unused subscription periods.

There are several possible reasons, both on the mail.cx side and the sender side: Inbox issues: 1. The inbox may have expired — the default TTL is 1 hour. Create a new inbox if it has expired 2. Check the address — make sure the sender is using the exact address shown on your inbox page 3. For custom domains, verify that the DNS TXT and MX records are correctly configured and the domain status is "verified" Sender-side issues: 4. Sending delay — some email providers may take a few seconds to minutes before actually delivering the email 5. Sender rejection — some email providers refuse to deliver to certain domains. This is the sender's policy and outside mail.cx's control 6. Check bounce notifications — if the sender received an NDR (Non-Delivery Report), it will contain the specific reason for rejection System limits: 7. SMTP rate limiting — if the sender's IP has sent too many emails in a short time, our server returns a temporary error (421) and the sender should retry automatically 8. Email size limit — emails larger than 25 MB are rejected at the SMTP level 9. The recipient address or sender domain may have been blocked by the administrator Guest mode notes: If you're using guest mode (no account), your session is tied to a single browser cookie. Opening multiple tabs or windows shares the same session and inbox. If you create a new inbox in one tab, the other tabs lose access to the previous inbox. Only one real-time WebSocket connection is allowed per guest inbox — additional tabs will not receive live updates. To use multiple inboxes simultaneously, create a free account. Troubleshooting tips: - Keep the inbox page open — new emails are pushed in real time via WebSocket - Try sending a test email from a different email provider - If using the API, verify your WebSocket connection is active or use polling as a fallback

Check the Retry-After response header for the wait time. If the error is "ops_quota_exceeded", your monthly Ops quota is exhausted and resets at the beginning of the next month. Consider upgrading to Pro for higher limits (200,000 Ops/month, 20 req/s burst).

Verification fails if DNS records are not found within 72 hours. Check: 1. TXT record: _tempmail.yourdomain.com → tempmail-verify={your_token} 2. MX record: yourdomain.com → smtp.mail.cx (priority 10) 3. Allow time for DNS propagation (up to 48 hours) Delete the domain and re-add it to get a new verification token and restart the 72-hour window.