Security Details

Mailinator Security

At Mailinator, protecting customer data is a top priority. We take the responsibility of securing it very seriously.


System Architecture

Mailinator's architecture is built to be secure and reliable. It is a multi-tier architecture where server-to-server communication occurs over a private network.

Data Centers

Our application is hosted by Linode and Digital Ocean with the following certifications:


  • SOC 1 Type 2
  • SOC 2 Type 2
  • HIPAA Type 1

Digital Ocean

  • SOC 2 Type 2
  • SOC 3 Type 2

For more information, please see the relevant Security pages:
Digital Ocean


Mailinator’s payment and card information is handled by Stripe, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Mailinator does not directly receive credit card data.

Site Continuity and Disaster Recovery

Mailinator's architecture is built with fault tolerant capability. Each service is redundant with replication and failover.


Mailinator retains development and testing systems that are fully isolated from the production environment.


Mailinator takes data security seriously.

Public Email Domains (e.g., are intended as public domain data. There is no intended or implied privacy surrounding data sent to any Mailinator public domain. The public access of Mailinator’s public domains is, in fact, an intended goal of the usability of that service.

In contrast, Subscribers to the Mailinator service receive a “Private Domain” (e.g., something akin to Emails sent to a Subscriber’s private domain are not public and viewable only by those subscribers.

Data Storage

Mailinator data stores are accessible only by servers that require access.


Mailinator conducts backups on a weekly and monthly basis. Hot backups are retained for one month. Off-net backups are retained for up to one year.


All sensitive information (including passwords, API keys, etc) is filtered from all server logs. Subscriber usage activity is stored for up to 6 weeks. No user activity is logged in the Mailinator Public system (for example, for any email address).


Firewall and Encryption

Our servers are protected by Firewalls. The Mailinator web service is proxied through Cloudflare. All Mailinator web traffic is served over HTTPS. We force HTTPS for all web resources, including our REST API.
Our SMTP servers support upgrading connections to TLS encryption.

Vulnerability Scans and Penetration Testing

Mailinator monitors all third-party tools that are used within the system for security upgrades and patches. All such patches are patched promptly when new issues are reported. The Mailinator system undergoes penetration tests at least yearly. Issues that are categorized as high-impact are addressed within 30 days.

Security Training and Confidentiality

Mailinator has mandatory security training for all employees. Additionally, all employees sign confidentiality agreements with Mailinator.


Secure Single Sign On (SSO)

SSO is available for Enterprise subscriptions supporting SAML.


We never store passwords in a form that can be retrieved. Mailinator stores an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.


We monitor and rate limit authentication attempts on all accounts. Our system automatically blocklists any IP addresses responsible for suspicious authentication activity.

User Roles

We provide multiple user roles with different permissions levels within the product. Roles vary from account admins to users.


Incident Response

Mailinator has a defined protocol for responding to security.


Mailinator conducts software development and updates through a system of standards and repeatable tests. Code pushes to production occur through a repeatable and automated process with immediate capability for reversion if necessary.

Security and Confidentiality

All employees are trained in Security procedures pertinent to their position. All employees sign confidentiality agreements with Manybrain (Mailinator).

PCI Compliance

All credit card payments paid to Mailinator/Manybrain go through our payment processing partner, Stripe. Details about their security posture and PCI compliance can be found at Stripe’s Security page.

If you have any questions or concerns regarding the security of this site, please email us at: