Jump to content.

Testing now: Sending – our most requested feature!

Today we are rolled out a beta version of the most requested feature: ability to Compose, Forward and Reply emails.

We also added the ability to transfer files! Right now, the maximum is 150MB, but this will change in the future as we improve our system. We’re thinking that in the future, Guerrilla Mail may be used for temporary file hosting – right now, files stay up for 24hrs for whoever has the link from the sent email.

This is just a beta version for now, we’ll see how it goes. Currently we have use mandatory CAPTCHA to deal with spam. We also run the outgoing messages through a spam filter to check spam.

We hope to get your feedback! http://www.guerrillamail.com

New Feature: Alias Address

Guerrilla Mail doesn’t require registration or login – you simply visit the site and a new email address is minted right before your eyes, no clicking or typing necessary.

That’s great, however, since there’s no password, you’ve probably already assumed that anyone who knows your Inbox ID may have access to your email. That’s satisfactory for most cases, but if you need more privacy and security, then we have the Alias Address feature.

Using an Alias Address will further protect your privacy and security by providing you with a special address which points to your inbox, but hides your Inbox ID.  Alias Address cannot be used as an Inbox IDs, so it’s not easy for someone to know what Inbox ID was used.

For example, an Alias for test@guerrillamail.com is sjyj+wok@sharklasers.com

For the best results, make your Inbox ID harder-to-guess! Why?

Because the Alias is always identical for each Inbox ID, and if you use a common name such as ‘test’, there’s a greater probability that someone used the identical Inbox ID before, and they have remembered which Inbox ID generated that alias. Email addresses are often leaked on the web, so someone could do a web search for the Alias to see if it has been used it before. Of course, these are just possibilities – not that anyone would want to do that, and you’re better off instead with using and email service provider that actually has passwords and 2-factor authentication. [Insert a Paranoid Parrot meme here]

So, the Alias Address adds another layer of security without the need for passwords. The random 8 character address given to you at the start should be adequate for most uses. Enjoy!

‘Extend’ Button Removed

Antoine de Saint-Exupery once said “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”

Today we removed the ‘Extend’ button. There no need to extend the time any-more! Now it will extend automatically for as long as you stay on the site. Actually, that’s how it worked for a year now. The extend button was just a placebo and wasting bandwidth ;)

All addresses work all the time now, so they cannot expire. We capture email for all addresses into the quarantine.

When an email arrives at Guerrilla Mail, it waits in the quarantine for up to 1 hour. If a user checks their inbox, Guerrilla Mail will check the quarantine for new email. If found, the email will be moved from the quarantine. Else, emails will be deleted from the quarantine if they wait for longer than one hour to be picked up.

Once the email is in an inbox, it will be given 1 hour more, or until the user deletes it.


Updates: HTTPS always on

Today we turned on SSL for guerrillamail.com and decided that HTTPS will always be on for all web traffic. This should help increase privacy, and get ready for some other features that may be rolled out in the near future! Although Guerrilla Mail doesn’t need passwords, it still uses sessions, which means that using HTTPS will ensure that the session information is always encrypted when it is transferred on the internet.

Here is a summary of what was rolled out today:

– Increased page load speed: Split in to ‘on-demand’ tabs, Password Manager is loaded on demand, moved all the social buttons to the About Us page.

– User Interface changes:  Adjusted styles for buttons, moved content up so that inbox  is more visible, email is selected by default so that it can be copied with the keyboard, re-arranged domain selection, changed Inbox id editing to be more obvious

– Password Manager bug fixes

– Fixed a bug with IE8 (thanks for reporting)


Finally, here is a cool plugin you can use to turn HTTPS on by default with many major websites:

“HTTPS Everywhere” https://www.eff.org/https-everywhere/


Thanks for visiting us!

New Feature: Password Manager

Wouldn’t it be great to remember only one password, but use a different password for each site?

Most definitely, it would be great! Especially with the increase of high-profile hacking incidents, it’s becoming even more important these days not to re-use a password. That way, if your password is compromised for one site, then it won’t be compromised for all others.

“Remember a new password for each site?”, we hear you cry! Yes, it’s impossible to remember a new password for every site that you register with, so that’s why you may need a Password Manager.

This was one of the most requested features, and we thought that this would be an awesome addition.   So we’ve added a new ‘Password Manager’ feature under the new Tools tab.

See http://www.guerrillamail.com/tools

So how is it different to a normal password manager?

The main difference is that your master password is never sent, stored or transmitted in any form. Not even the ‘hash’ or signature. Nothing. Everything done on the client-side.

The generated password will always contain at least one number, one upper case character and one symbol. We may add fancy options later for this, but right now, lets keep things simple to just one option.

Yes, we know –  These rules that most websites impose don’t make sense for us, because there is always a chance that our Password Manager may generate a super strong password even without numbers, upper-case and symbols. In fact, in some cases, websites who impose these rules may unintentionally reduce the search set so that a cracker doesn’t have to try all the combinations…

How to use it?

Type in the domain name of the site asking for login and enter a very strong Master Passphrase. http://en.wikipedia.org/wiki/Passphrase

You may copy and paste the url or host name of the site that is asking for a password. There will be a counter showing how many characters the new password will be. The minimum is 8 characters. If you want to have a longer password, just type in a longer Master Passphrase.

How does it work? (Warning: Nerd Talk ahead)

You may wonder about the technical details. Here is how it works:

1. A hash is taken from the Master Passphrase using SHA256 algorithm.

2. The hash from step 1 is passed through 10,000 rounds of HMAC-SHA256, this process is mainly for key stretching (see http://en.wikipedia.org/wiki/Key_stretching). The domain name is used as salt.

3. The hash from step 2 is used to to generate a new password. The domain is used as the salt, again.

4. If a password is not found according to the rules, repeat step 3, but this time change the salt by appending a counter.

– From a 256bit value, the generated password is converted from base 16 to a base of the following alphabet: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`~!@#$%^&*()_-+=}]{[;:”\’?/>.<,

– All this is done in your browser using Javascript.

One final note. This tool is in beta and doesn’t guarantee anything or carry any warranty. Use at your own risk. Although this should be perfect for most Guerrilla Mail use cases.