Temporary Email for Journalists: Protecting Sources and Investigations
Journalism requires protecting sources and maintaining investigation secrecy. Learn how temporary email fits into a journalist's digital security toolkit.
A disposable inbox is a triage tool, not a source-protection tool. Use it to receive a first, low-stakes message from someone who is not yet ready to identify themselves, then move the conversation to a channel built for confidentiality. For anything where a source's safety or liberty is at stake, the established answers are Signal, SecureDrop, and encrypted email, not a temporary address.
That distinction matters more than usual right now. A total of 361 journalists were behind bars worldwide on December 1, 2024, the second-highest figure the Committee to Protect Journalists has ever recorded. In the United States, in April 2025 the Department of Justice rescinded the Biden-era rules that had barred prosecutors from compelling reporters to reveal sources, reopening journalists' records to subpoena. This guide explains where a free disposable address like TempMailSpot genuinely helps, where it does not, and how it sits inside a real operational-security stack. If you are new to the category, our beginner's guide to anonymous email covers the basics first.
Key takeaways
- A disposable inbox is a triage and research layer, not source protection: it is unencrypted and offers no shield against a subpoena to the mail provider.
- Most source exposures run through legal process or device compromise — the DOJ seized years of Ali Watkins' email metadata, and Pegasus infected a Meduza editor's phone — neither of which an inbox choice prevents.
- Email metadata can be pulled with a subpoena or court order, a lower bar than the warrant needed for content, so the connection itself can be the evidence.
- For real source protection use the established tools: Signal for conversation, SecureDrop (over 60 newsrooms) for documents, encrypted email and Tor for the rest.
- U.S. legal footing weakened in 2025: the DOJ rescinded protections against compelling reporters to name sources and lifted gag-order limits, while no federal shield law exists.
- Use disposable email only for low-stakes first contact and research signups, hand off the moment it turns sensitive, and never store a source's identity in any inbox.
What disposable email is, and what it is not
A temporary email address is a real inbox you can open with no account, use for a few minutes, and then abandon. It receives mail and, on a few services, can send a reply. What it does not do is encrypt anything. A message sitting in a disposable inbox is as readable to the provider, and to anyone who compels the provider, as a postcard.
That is the line that decides every other recommendation here. Source protection is about who can later prove that a particular source talked to you. Disposable email does nothing about the two things that usually answer that question: the metadata trail and the legal process that pulls it.
The metadata point is the one journalists underestimate. As the Freedom of the Press Foundation puts it, email metadata can be just as revealing as the content of messages, and investigators can obtain it with a subpoena or court order rather than the full warrant required for content. That lower threshold is not theoretical. In the leak case against retired General James Cartwright, the FBI used email metadata to show he had been in contact with a reporter numerous times over the four months before publication, which supplied the probable cause for a content warrant. A disposable address would not have closed that gap, because the connection itself, not the message body, was the evidence.
So treat a temporary inbox as a doormat, not a vault. It is useful for the first contact and for keeping low-value research off your real name. It is the wrong tool the moment a source's identity is the secret you are protecting.
The threat model: what actually exposes a source
Before choosing tools, name the adversary. The documented ways sources and reporters get exposed cluster into three categories, and a disposable inbox addresses only one of them.
Legal compulsion
The most common exposure is a court order or subpoena aimed at a provider, not a hack. In 2018 the DOJ secretly obtained years of New York Times reporter Ali Watkins' email metadata from two personal accounts, with no advance notice, as part of a leak investigation. The U.S. Press Freedom Tracker also recorded that in 2023, at least 30 journalists and news organizations were summoned into courtrooms to identify their source or turn over reporting materials, and at least 12 journalists were arrested or faced dubious charges. After the DOJ's April 2025 reversal, the same memo also removed restrictions on gag orders, so a reporter may not learn their records were seized for months, or at all. A disposable inbox you control does not stop a subpoena to the mail provider that carried the message.
Device compromise
The second category is the targeted attack. Between August 2020 and January 2023, Citizen Lab documented at least seven Russian and Belarusian-speaking journalists and activists in Europe targeted or infected with NSO Group's Pegasus spyware. One of them, Meduza editor Galina Timchenko, had her phone infected with Pegasus while in Germany in February 2023. Against an adversary already inside the endpoint, no inbox choice helps, because the attacker reads the screen.
Ordinary account takeover
The third category is the mundane one that hits every email user. Phishing is present in 36% of breaches according to Verizon's 2024 report, and Proofpoint attributes 91% of cyberattacks to a phishing start. Reporters are high-value spear-phishing targets precisely because their inbox is a map of their sources. Here a disposable address actually does help, by keeping low-stakes signups and research off the account that holds your real correspondence.
Where a disposable inbox genuinely fits
Used honestly, a temporary address is a useful intake and triage layer. Three uses hold up.
First-contact triage
When a would-be source reaches a published tip line, the first exchange is often just establishing whether there is a story and whether the person is who they claim. A disposable address lets you run that opening without attaching your personal account, and lets the source send a first note without committing their real identity either. The instant you sense the material is sensitive, you move the conversation, and you say so plainly.
Research that should not carry your name
Verifying a claim frequently means signing up for the service you are investigating, registering for a webinar, or downloading a gated report. Doing that from your work address links your interest to your byline and, increasingly, to a data broker. The data-broker industry is valued at more than $250 billion, and a leaked or purchased record costs little: IBM puts the average cost of a stolen record at $169. Keeping research signups on a disposable address is cheap insurance against your investigation tipping off its subject.
Reducing your own breach surface
Every account you create is a future breach. Have I Been Pwned tracks over 17.5 billion compromised accounts. For the dozens of throwaway logins a working reporter accumulates, a disposable inbox means a breach of some forum or vendor never lands in the account that matters.
A tool like TempMailSpot fits this layer well: it is free with no registration, new mail appears automatically within seconds, the default 10-minute window can be extended without limit, and, unlike most receive-only rivals, it can send a reply behind a CAPTCHA so a first exchange does not force you back to your real address. It can also export a message to PDF, JSON, or EML if you need to preserve a tip before the inbox expires. None of that makes it secure communication, and it should never be described to a source as such.
Note the honest limit on official guidance: temporary email is not named in the Freedom of the Press Foundation's source-protection checklist or EFF's Surveillance Self-Defense guide. Those point to Signal, SecureDrop, WhatsApp, and OnionShare. Treat disposable email as your own triage convenience, not a recommendation you pass to a source.
The tools built for source protection
When the stakes rise above triage, switch to a tool designed for the job. The table below maps the common need to the established answer.
| Need | Use this | Why |
|---|---|---|
| Real-time sensitive conversation | Signal | End-to-end encrypted; adopted by The Washington Post, The Guardian, and the EU for private messaging |
| Anonymous document drop | SecureDrop | Runs as a Tor onion service; used at over 60 newsrooms including the NYT, Post, ProPublica, and The Intercept |
| Ongoing encrypted email | Encrypted email (e.g. Proton Mail) | Message content is encrypted at rest, unlike a disposable inbox |
| Source anonymity from your own org | Tor / onion services | The Tor network averages roughly 2 million daily users and underpins journalist tiplines |
| Low-stakes first contact / research | Disposable email | Keeps a one-time exchange off your real name; not encrypted |
SecureDrop is the institutional standard for a reason: it lets a source share documents without ever revealing an email address, IP, or name to the journalist. Signal is the standard for conversation because the content is encrypted and the operator holds almost no metadata. A disposable inbox sits at the bottom of that ladder on purpose. It is the rung you step off, not the one you stand on.
The skills to use these tools well are increasingly common in the field. The Freedom of the Press Foundation trained more than 2,200 journalists in digital security in 2024, a 59% year-over-year increase. If your newsroom has a security trainer, this is exactly what they are for.
A practical workflow for first contact
Here is a concrete sequence for handling an unsolicited tip without over-promising safety. It assumes the material might be sensitive until proven otherwise.
- Open a disposable inbox before you need it, on a network not tied to your home or desk if the topic is sensitive. Keep it separate from your real accounts and browser session.
- Use it only for the opening message: confirm there is something to discuss and gauge the source's own risk appetite. Do not ask for documents or names yet.
- Move the moment it turns sensitive. Send one line: "For your protection, let's continue on Signal" or point them at your newsroom's SecureDrop URL. Do not negotiate; the longer a sensitive thread lives in plain email, the more metadata it generates.
- Preserve only what you must. If a tip contains something you need to keep, export it (PDF, JSON, or EML) to encrypted storage, then let the inbox expire.
- Never store source identity in email. A name, a workplace, a photo, or a routine that identifies someone does not belong in any inbox, disposable or not.
- Tell the source the truth about the tool. If they insist on using a disposable address, respond quickly, save what you need offline, and keep repeating the offer of a safer channel rather than pretending the current one is safe.
The goal is not to make disposable email secure. It is to use it only for the seconds when nothing irreversible is at stake, and to hand off before that changes.
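To make the metadata point concrete for a tip you export as EML, here is an added example (not TempMailSpot's code or output). The sample message, its header layout and the `metadata_report` helper are constructed for illustration. It lists the identifying fields a saved message carries independent of its body, so you can see what you are about to store.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
import re

# Constructed sample: an EML export of a first-contact tip. Every name, host and
# address is made up (example domains, RFC 5737 documentation IP ranges).
SAMPLE_EML = """\
Received: from mx.tempinbox.example (mx.tempinbox.example [198.51.100.7])
\tby inbox.tempinbox.example with ESMTP id abc123;
\tTue, 04 Mar 2025 09:15:02 +0000
Received: from [203.0.113.45] (helo=laptop.local)
\tby smtp.mailhost.example with ESMTPSA id xyz789;
\tTue, 04 Mar 2025 09:14:58 +0000
From: "J. Doe" <jdoe@mailhost.example>
To: tips-7f3a@tempinbox.example
Subject: Something you should look at
Date: Tue, 04 Mar 2025 09:14:55 +0000
Message-ID: <20250304091455.1234@laptop.local>
X-Mailer: ExampleMail 4.2

Can we talk about the contract?
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def metadata_report(eml_text):
    """Return the identifying metadata an EML carries, ignoring the body entirely."""
    msg = message_from_string(eml_text)
    received = msg.get_all("Received", [])
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "sent_utc": parsedate_to_datetime(msg["Date"]).isoformat(),
        "message_id": msg["Message-ID"],
        "client": msg.get("X-Mailer"),
        # Each relay prepends a Received line; bracketed IPs can include the sender's.
        "hop_ips": [ip for hop in received for ip in IP_RE.findall(hop)],
        "hops": len(received),
    }

if __name__ == "__main__":
    for field, value in metadata_report(SAMPLE_EML).items():
        print(f"{field:11} {value}")
```

Deleting the body changes nothing in this report, which is why an exported tip belongs in encrypted storage even when the text itself looks harmless.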
Legal reality you cannot configure away
No tool choice substitutes for understanding the legal terrain, because most source exposures run through process, not hacking.
In the United States there is no federal shield law. The PRESS Act passed the House in January 2024 but has not been enacted, so federal investigators are not bound by statute. At the state level the picture is better: 49 states and Washington, D.C. recognize some form of reporter's privilege, with Wyoming the lone exception having neither legislation nor a controlling court decision. Those state protections remain in force even after the DOJ's 2025 federal reversal, but they do not bind federal cases.
Two implications follow. First, the provider holding a message, not the journalist, is usually where a subpoena lands, which is why a disposable inbox you control offers no legal shield over a sensitive exchange. Second, because gag orders can now accompany those demands, you should assume you will not be warned. Reducing the metadata you generate in the first place, by keeping sensitive contact off plain email entirely, is the only reliable defense, and it is one you choose at the workflow level rather than in any single app's settings.
The scale of the broader pressure is worth keeping in view. The U.S. Press Freedom Tracker documented its 2,000th incident across 11 violation categories in 2024. Plan your communications as if scrutiny is the baseline, not the exception.
Reach for a disposable inbox when the stakes are low: a first message from an unconfirmed tipster, a research signup that should not carry your byline, a throwaway login that would otherwise widen your breach surface. It is fast, free, and keeps noise off the account that holds your real correspondence. A tool like TempMailSpot does that job without an account and without paywalling the basics.
Reach for the real tools the moment a source's safety enters the picture. Signal for conversation, SecureDrop for documents, encrypted email and Tor for the rest. The documented cases, from Ali Watkins' seized metadata to Pegasus on a Meduza editor's phone, all turned on either legal process or device compromise, and a disposable address answers neither. Use it for triage, hand off before anything irreversible, and never describe it to a source as protection it cannot provide. For the wider case for keeping a disposable address in your kit, see why use temporary email in 2025.
Sources
- Verizon — Data Breach Investigations Report 2024 (2024)
- Proofpoint — State of the Phish Report 2024 (2024)
- IBM — Cost of a Data Breach Report 2024 (2024)
- IAPP — The Data Broker Industry Report (2024)
- Have I Been Pwned — Pwned Websites Database (2025)
- Committee to Protect Journalists — Journalist jailings near record high in 2024 as crackdown on press freedom grows (2025)
- Reporters Committee for Freedom of the Press — Special analysis: DOJ rescinds Biden-era protections for press (2025)
- Freedom of the Press Foundation — How reporters' emails get got: Case studies in legal requests and hacking (2023)
- U.S. Press Freedom Tracker — Members of the press charged with committing 'acts of journalism' in 2023 (2024)
- U.S. Press Freedom Tracker — DOJ secretly seizes phone and email records belonging to New York Times reporter Ali Watkins (2018)
- The Citizen Lab — By Whose Authority? Pegasus targeting of Russian & Belarusian-speaking opposition activists and independent media in Europe (2024)
- Committee to Protect Journalists — Pegasus spyware targeted exiled journalists from Russia, Latvia, Belarus, report finds (2024)
- SecureDrop / Freedom of the Press Foundation — SecureDrop Overview (2024)
- Freedom of the Press Foundation — Meeting the moment: Freedom of the Press Foundation's 2024 Impact Report (2025)
- Electronic Frontier Foundation — The PRESS Act Will Protect Journalists When They Need It Most (2024)
- Wikipedia — Shield laws in the United States (2024)
- Proxidize — What Is Signal and Why Is It Considered So Secure? (2024)
- Tor Metrics — Relay users (2024)