How I Built a Free Anonymous Email Service — No Phone, No Password, No Logs

Published: April 19, 2026 at 05:10 PM EDT
Source: Dev.to

The Problem

Every email provider today collects something about you at signup:

Provider      What they require
Gmail         Phone number + real name
Outlook       Phone number
ProtonMail    Phone or recovery email
Tutanota      Existing email + manual approval
Yahoo         Phone number

Even the privacy‑focused ones create a link to your real identity. ProtonMail was actually forced to log a user’s IP address by Swiss authorities in 2021.

I wanted something where the signup process collects literally nothing.

What I Built

QRYPTY Mail — a free anonymous email service.

Signup process

  1. Pick a username.
  2. Receive a random 32‑character access code.
  3. That’s it. No phone. No password. No name. No recovery email.

The access code is your only key. We hash it with bcrypt — we never see or store the plaintext. If you lose it, it’s gone forever. There’s no “forgot password” button. That’s not a bug; it’s the whole point.

What You Can Actually Do With It

QRYPTY Mail is a full email service, not just a temporary throwaway address:

  • Send and receive from Gmail, Outlook, Yahoo, ProtonMail — any provider
  • Folders — Inbox, Sent, Drafts, Starred, Spam, Trash
  • Attachments up to 25 MB
  • Full‑text search across all your emails
  • Spam filter — because spam finds you within hours of going live (learned that the hard way)
  • 13 languages — English, Russian, Chinese, Hindi, Spanish, French, Arabic, Bengali, Portuguese, Urdu, Indonesian, German, Japanese
  • Mobile PWA — install it on your phone directly from the browser

The Tech Behind It

For anyone curious about the stack:

  • Backend: Python/FastAPI + PostgreSQL + Redis
  • Frontend: React + Vite + Tailwind CSS
  • Email: aiosmtpd (receiving) + aiosmtplib (sending)
  • Auth: 32‑char access codes → bcrypt hash → JWT sessions
  • Infrastructure: Docker Compose + nginx + Let’s Encrypt

The authentication model is unusual. Instead of passwords, the system generates a random 32‑character code from a‑z, A‑Z, 0‑9. That’s 62^32 possible combinations — roughly 10^57. The entire Bitcoin network would need billions of years to brute‑force a single code.
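A sketch of the access-code scheme described above, added here as an example and not QRYPTY Mail's own code. It draws the code from the OS CSPRNG, stores only a salted hash, and verifies in constant time. Assumptions: the function names are hypothetical, and the standard library's PBKDF2 stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # a-z, A-Z, 0-9 (62 symbols)
CODE_LENGTH = 32
PBKDF2_ROUNDS = 600_000  # assumption for this sketch; the page uses bcrypt


def entropy_bits(length=CODE_LENGTH, alphabet=ALPHABET):
    """Bits of entropy in a uniformly random code: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet))


def new_access_code():
    """Draw each character from the OS CSPRNG; `random` would be predictable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))


def hash_code(code, salt=None):
    """Return (salt, digest); only these are stored, never the code itself."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_code(candidate, salt, stored_digest):
    """Recompute the hash and compare in constant time."""
    if len(candidate) != CODE_LENGTH or any(c not in ALPHABET for c in candidate):
        return False  # reject malformed input before doing expensive work
    _, digest = hash_code(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


def signup():
    """Constructed flow: the code is shown once, the server keeps salt + hash."""
    code = new_access_code()
    salt, digest = hash_code(code)
    return code, {"salt": salt, "digest": digest}


if __name__ == "__main__":
    code, record = signup()
    print(f"{entropy_bits():.1f} bits of entropy")
    print("login ok:", verify_code(code, record["salt"], record["digest"]))
```

The 62-symbol, 32-character code carries about 190 bits of entropy, so the strength of the scheme rests on the generator being cryptographically secure rather than on the cost of the hash.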

Mistakes I Made Along the Way

  1. I underestimated spam.
    Within 3 hours of launching the SMTP server, we received our first spam. Within a day, hundreds. A spam filter isn’t a “nice to have” — it’s survival.

  2. Users will lose their access codes.
    No matter how big the warning is, someone will screenshot the code, lose their phone, and email support asking to recover it. The answer is always the same: we can’t. Zero‑knowledge means zero recovery.

  3. RTL languages broke everything.
    Arabic and Urdu are right‑to‑left. Adding RTL support wasn’t just flipping text — it meant rethinking the entire layout logic. CSS direction: rtl is just the beginning.

  4. Email deliverability is a nightmare.
    Getting other providers to accept your emails requires proper MX, SPF, DKIM, and DMARC DNS records. Even then, some providers are suspicious of new domains. It took weeks of warming up the domain reputation.

“Why Should I Trust You?”

Fair question. Here’s the answer:

  • We don’t ask for your data, so there’s nothing to leak.
  • We don’t store IP addresses, so there’s nothing to hand over.
  • Access codes are bcrypt‑hashed, so even a database breach reveals nothing.
  • There are no ads, so we have no incentive to track you.
  • It’s free with no paid plans, so there’s no bait‑and‑switch.

The architecture is designed so that trust isn’t required. We simply don’t have your data.

Try It

It’s completely free. No paid tiers, no feature limitations, no “upgrade to pro” banners.

I’d genuinely love feedback from the dev community. What would you change? What concerns do you have? What features are missing?
