About Migadu
Migadu is a disposable email service operating 0 domains, first observed in our database on 2026-06-04. We classify it as disposable because its mail infrastructure matches known temporary-email patterns and its domains are repeatedly observed in abusive signup flows across our customer base. The crowdsourced detection pipeline aggregates signals from every API request, so a brand new domain that suddenly receives a burst of signup attempts from random local parts gets flagged automatically — that's how we caught most of the long tail behind Migadu and other services like it.
Live status
Status: not actively monitoredSample domains operated by Migadu
A small sample of the 0 domains we track for this service. The complete list is available through the EmailProbe API — single integration blocks every current and future Migadu domain automatically.
| Domain |
|---|
0 total domains tracked. Detect every one of them via the API →
Mail infrastructure
MX servers
Why people use Migadu
Legitimate use cases
Some users prefer disposable inboxes for any signup they consider low-trust, reducing long-term exposure to marketing spam and the blast radius of a data breach. For single-use interactions with unfamiliar services, a disposable address is a reasonable privacy measure. The economic calculus from the user's side is simple — the cost of a disposable address is zero, the cost of giving away a real address to a service that may later be breached or sold to data brokers is non-zero — so for one-time interactions, the disposable address is the obvious default.
Abuse patterns
Disposable addresses from services like Migadu are a primary tool for fake-account creation, free-trial abuse, and bypassing email-based account uniqueness controls. Because they require no personal information and leave no audit trail, they are attractive to fraudsters and automated abuse toolkits. Reseller fraud, gift-card cycling, promotional credit abuse, and click-farm operations all rely heavily on disposable inboxes because every successful signup needs to clear an email verification step, and disposable addresses make that verification step cheap to repeat indefinitely.
How to block Migadu signups
Three approaches, ordered by accuracy:
Manual regex (least reliable)
const BLOCK = /@(migadu\.[a-z]{2,4}|migadu\.com)$/i;
if (BLOCK.test(email)) reject();Free EmailProbe API (recommended for low volume)
curl https://api.emailprobe.dev/open/v1/disposable/migadu.comAuthenticated API (production)
curl -H "Authorization: Bearer $KEY" \
-d '{"email":"[email protected]"}' \
https://api.emailprobe.dev/v1/validateFrequently asked questions
Is Migadu safe to use?
Migadu provides no identity guarantees and limited privacy. Treat anything sent to it as effectively public. Sensitive information — password resets, verification codes, financial data — should never be sent to a disposable inbox. For operators on the other side, allowing a disposable address into your account-recovery flow means giving an attacker who pre-claims the address a path to take over the account; this is a real attack pattern, not a theoretical one.
Can I receive emails on Migadu?
Most disposable services accept incoming mail; whether Migadu retains it and for how long depends on the operator's infrastructure. Assume any message sent to a Migadu address may be read by unintended parties. Detection at signup time is the only reliable way to keep your transactional mail from ending up in a public inbox that no human will ever check — verification-after-the-fact does nothing to protect a verification code that's already been delivered to a Migadu domain.
Is using Migadu legal?
Generally legal; using one to evade paid-account or fraud controls violates many sites' terms of service and, in some jurisdictions, may constitute computer fraud or misuse. Declining signups from Migadu domains is similarly legal and is documented industry practice — no regulator has ever objected to a service maintaining a list of email domains it will not accept signups from.
How does EmailProbe detect Migadu emails?
EmailProbe matches addresses against 0 known Migadu domains plus the service's mail-server infrastructure. Detection happens at the edge in under 50ms.
Can I block all Migadu domains at once?
Yes — every Migadu domain is flagged as disposable by the EmailProbe API. A single integration blocks every current and future Migadu domain without a manual list.
How did EmailProbe discover Migadu if it's not a well-known brand?
Crowdsourced signals. When multiple EmailProbe customers see signup attempts from the same domain with random-looking local parts, low retention, and infrastructure colocation with known disposable services, the domain gets flagged automatically. This network-effect detection finds long-tail disposable services within hours of first appearance, which is why our database tracks over 200,000 domains compared to single-vendor competitors who max out around 50,000.
How often is the Migadu domain list updated?
The full disposable-domain database is refreshed every 15 minutes from 9 upstream sources, internal proprietary lists, and live monitoring of 17 known temp-mail services. Crowdsourced additions enter the database within an hour of detection. The EmailProbe API always serves the latest version — there is no cache staleness on the client side because all detection happens at the edge against a live blocklist.
Can I rely on Migadu domain detection alone, or do I need more checks?
For most products, domain detection alone catches the bulk of disposable signups. For higher-stakes flows — financial services, healthcare, accounts that grant access to user-generated content — combining domain detection with MX-server checks, IP-cluster analysis, and local-part heuristics gives much higher confidence. The EmailProbe API runs all of these layers in a single request and returns a unified verdict with the per-check breakdown so your application can apply nuanced policy based on the signal mix.