How I Built a Free Anonymous Email Service — No Phone, No Password, No Logs

QRYPTY — Sun, 19 Apr 2026 21:10:04 +0000

Last year I tried to create an email account for a side project. Gmail wanted my phone number. Outlook wanted my phone number. ProtonMail — the "privacy" email — wanted my phone number too.

I thought: why does an email service need to know who I am?

So I built my own.

The Problem

Every email provider today collects something about you at signup:

Provider	What they require
Gmail	Phone number + real name
Outlook	Phone number
ProtonMail	Phone or recovery email
Tutanota	Existing email + manual approval
Yahoo	Phone number

Even the privacy-focused ones create a link to your real identity. ProtonMail was actually forced to log a user's IP address by Swiss authorities in 2021.

I wanted something where the signup process collects literally nothing.

What I Built

QRYPTY Mail — a free anonymous email service.

Here's the entire signup process:

You pick a username
You get a random 32-character access code
That's it. No phone. No password. No name. No recovery email.

The access code is your only key. We hash it with bcrypt — we never see or store the plaintext. If you lose it, it's gone forever. There's no "forgot password" button. That's not a bug, it's the whole point.

What You Can Actually Do With It

I didn't want to build another throwaway email that deletes everything after 10 minutes. QRYPTY Mail is a full email service:

Send and receive from Gmail, Outlook, Yahoo, ProtonMail — any provider
Folders — Inbox, Sent, Drafts, Starred, Spam, Trash
Attachments up to 25MB
Full-text search across all your emails
Spam filter — because spam finds you within hours of going live (learned that the hard way)
13 languages — English, Russian, Chinese, Hindi, Spanish, French, Arabic, Bengali, Portuguese, Urdu, Indonesian, German, Japanese
Mobile PWA — install it on your phone directly from the browser

The Tech Behind It

For anyone curious about the stack:

Backend: Python/FastAPI + PostgreSQL + Redis
Frontend: React + Vite + Tailwind CSS
Email: aiosmtpd (receiving) + aiosmtplib (sending)
Auth: 32-char access codes → bcrypt hash → JWT sessions
Infrastructure: Docker Compose + nginx + Let's Encrypt

The authentication model is unusual. Instead of passwords, the system generates a random 32-character code from a-z, A-Z, 0-9. That's 62^32 possible combinations — roughly 10^57. The entire Bitcoin network would need billions of years to brute-force a single code.

Mistakes I Made Along the Way

1. I underestimated spam.
Within 3 hours of launching the SMTP server, we received our first spam. Within a day, hundreds. A spam filter isn't a "nice to have" — it's survival.

2. Users will lose their access codes.
No matter how big the warning is, someone will screenshot the code, lose their phone, and email support asking to recover it. The answer is always the same: we can't. Zero-knowledge means zero recovery.

3. RTL languages broke everything.
Arabic and Urdu are right-to-left. Adding RTL support wasn't just flipping text — it meant rethinking the entire layout logic. CSS direction: rtl is just the beginning.

4. Email deliverability is a nightmare.
Getting other providers to accept your emails requires proper MX, SPF, DKIM, and DMARC DNS records. Even then, some providers are suspicious of new domains. It took weeks of warming up the domain reputation.

"Why Should I Trust You?"

Fair question. Here's my answer:

We don't ask for your data, so there's nothing to leak
We don't store IP addresses, so there's nothing to hand over
Access codes are bcrypt-hashed, so even a database breach reveals nothing
There are no ads, so we have no incentive to track you
It's free with no paid plans, so there's no bait-and-switch

The architecture is designed so that trust isn't required. We simply don't have your data. You don't need to trust someone who has nothing on you.

Try It

If any of this sounds useful to you:

🌐 qrypty.com — main site
📧 qrypty.com/register — create an account in 10 seconds
📖 qrypty.com/blog — articles on email privacy

It's completely free. No paid tiers, no feature limitations, no "upgrade to pro" banners.

I'd genuinely love feedback from the dev community. What would you change? What concerns do you have? What features are missing?

If you care about email privacy, you might also find these useful:

DEV Community: QRYPTY