Ephemeral Domain

Description

A disposable email address is an email account created with the intention of being temporary and/or easily disposable. There are several services that provide disposable email addresses such as temp-mail, Simplelogin, or 10MinuteMail. The addresses provided by such services are not intended to serve as long-term, reliable communication channels.

Importance

While there are several legitimate uses for disposable email services, such as one-time anonymous communication or signing up for unimportant websites/apps that require an email, using a disposable email account to sign up for a public git repository and distribute code can be indicative of trying to hide malicious activity.

Examples

In July of 2022, a malicious cryptomining campaign was attempted by leveraging the NPM ecosystem. The threat actor created over 1200 JavaScript packages on NPM with over 1000 different user accounts. Each of the accounts listed a different email address with a known disposable domain.