Is xnote.com a disposable email?

YES — DISPOSABLE

Xnote operates 1 disposable email domain tracked by EmailProbe.

Last updated: · Reviewed by EmailProbe Research


About Xnote

Xnote runs 1 disposable email domain. Tracked since 2026-04-12, it serves as a source of throwaway or short-lived email addresses. Signals from our crowdsourced detection pipeline indicate this service is routinely used in automated account creation. The pipeline doesn't depend on Xnote being a well-known brand: a previously unknown domain that starts seeing high entropy in its local-part distribution, low retention from signups using it, and infrastructure colocation with known disposable services is enough evidence to add it to the blocklist within hours of first detection.

Live status

Status: not actively monitored

Sample domains operated by Xnote

A small sample of the 1 domain we track for this service. The complete list is available through the EmailProbe API — a single integration blocks every current and future Xnote domain automatically.

Domain
nofaxnoteletrackpaydayloans.us

1 total domain tracked.

Mail infrastructure

MX servers

Why people use Xnote

Legitimate use cases

Some users prefer disposable inboxes for any signup they consider low-trust, reducing long-term exposure to marketing spam and the blast radius of a data breach. For single-use interactions with unfamiliar services, a disposable address is a reasonable privacy measure. The economic calculus from the user's side is simple — the cost of a disposable address is zero, the cost of giving away a real address to a service that may later be breached or sold to data brokers is non-zero — so for one-time interactions, the disposable address is the obvious default.

Abuse patterns

Disposable addresses from services like Xnote are a primary tool for fake-account creation, free-trial abuse, and bypassing email-based account uniqueness controls. Because they require no personal information and leave no audit trail, they are attractive to fraudsters and automated abuse toolkits. Reseller fraud, gift-card cycling, promotional credit abuse, and click-farm operations all rely heavily on disposable inboxes because every successful signup needs to clear an email verification step, and disposable addresses make that verification step cheap to repeat indefinitely.

How to block Xnote signups

Three approaches, ordered by accuracy:

Manual regex (least reliable)

const BLOCK = /@(xnote\.[a-z]{2,4}|xnote\.com)$/i;
if (BLOCK.test(email)) reject();
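Why the regex ranks last, as an added example that is not EmailProbe's code: it runs the page's pattern next to a normalised suffix match on a domain blocklist. The blocklist is constructed from the two domains named on this page, and `domainOf`, `isBlocked`, `compare` and the sample addresses are assumed names and values for illustration.

```javascript
// The pattern from this page, unchanged.
const PAGE_REGEX = /@(xnote\.[a-z]{2,4}|xnote\.com)$/i;

// Constructed blocklist: only the two domains that appear on this page.
const BLOCKLIST = new Set(["xnote.com", "nofaxnoteletrackpaydayloans.us"]);

// Extract and normalise the domain: lower-case, trimmed, no trailing root dot.
function domainOf(email) {
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return null;
  let d = email.slice(at + 1).trim().toLowerCase();
  if (d.endsWith(".")) d = d.slice(0, -1);
  // ASCII hostnames with at least two labels; anything else is unparseable.
  return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(d) ? d : null;
}

// Match the domain and each parent domain, so mail.xnote.com hits xnote.com.
function isBlocked(email, blocklist = BLOCKLIST) {
  const domain = domainOf(email);
  if (domain === null) return true; // fail closed on unparseable input
  const labels = domain.split(".");
  for (let i = 0; i <= labels.length - 2; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Constructed sample addresses covering the cases the regex gets wrong.
const SAMPLES = [
  "user@xnote.com",                       // both catch it
  "user@nofaxnoteletrackpaydayloans.us",  // the tracked domain: regex misses
  "user@mail.xnote.com",                  // subdomain: regex misses
  "user@XNOTE.COM.",                      // trailing root dot: regex misses
  "user@xnote.info",                      // not on the list: regex over-blocks
  "alice@example.org",                    // unrelated: neither blocks
];

function compare(samples = SAMPLES) {
  return samples.map((email) => ({
    email,
    regex: PAGE_REGEX.test(email),
    blocklist: isBlocked(email),
  }));
}

console.table(compare());
```
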

Free EmailProbe API (recommended for low volume)

curl https://api.emailprobe.dev/open/v1/disposable/xnote.com

Authenticated API (production)

curl -H "Authorization: Bearer $KEY" \
  -d '{"email":"[email protected]"}' \
  https://api.emailprobe.dev/v1/validate


Frequently asked questions

Is Xnote safe to use?

Xnote provides no identity guarantees and limited privacy. Treat anything sent to it as effectively public. Sensitive information — password resets, verification codes, financial data — should never be sent to a disposable inbox. For operators on the other side, allowing a disposable address into your account-recovery flow means giving an attacker who pre-claims the address a path to take over the account; this is a real attack pattern, not a theoretical one.

Can I receive emails on Xnote?

Most disposable services accept incoming mail; whether Xnote retains it and for how long depends on the operator's infrastructure. Assume any message sent to an Xnote address may be read by unintended parties. Detection at signup time is the only reliable way to keep your transactional mail from ending up in a public inbox that no human will ever check — verification-after-the-fact does nothing to protect a verification code that's already been delivered to an Xnote domain.

Is using Xnote legal?

Generally legal; using one to evade paid-account or fraud controls violates many sites' terms of service and, in some jurisdictions, may constitute computer fraud or misuse. Declining signups from Xnote domains is similarly legal and is documented industry practice — no regulator has ever objected to a service maintaining a list of email domains it will not accept signups from.

How does EmailProbe detect Xnote emails?

EmailProbe matches addresses against 1 known Xnote domain plus the service's mail-server infrastructure. Detection happens at the edge in under 50ms.

Can I block all Xnote domains at once?

Yes — every Xnote domain is flagged as disposable by the EmailProbe API. A single integration blocks every current and future Xnote domain without a manual list.

How did EmailProbe discover Xnote if it's not a well-known brand?

Crowdsourced signals. When multiple EmailProbe customers see signup attempts from the same domain with random-looking local parts, low retention, and infrastructure colocation with known disposable services, the domain gets flagged automatically. This network-effect detection finds long-tail disposable services within hours of first appearance, which is why our database tracks over 200,000 domains compared to single-vendor competitors who max out around 50,000.

How often is the Xnote domain list updated?

The full disposable-domain database is refreshed every 15 minutes from 9 upstream sources, internal proprietary lists, and live monitoring of 17 known temp-mail services. Crowdsourced additions enter the database within an hour of detection. The EmailProbe API always serves the latest version — there is no cache staleness on the client side because all detection happens at the edge against a live blocklist.

Can I rely on Xnote domain detection alone, or do I need more checks?

For most products, domain detection alone catches the bulk of disposable signups. For higher-stakes flows — financial services, healthcare, accounts that grant access to user-generated content — combining domain detection with MX-server checks, IP-cluster analysis, and local-part heuristics gives much higher confidence. The EmailProbe API runs all of these layers in a single request and returns a unified verdict with the per-check breakdown so your application can apply nuanced policy based on the signal mix.