Free & Open Source

Self-host disposable emails
for teams on Cloudflare

Create unlimited email addresses with attachment support for you or your team, accessible via dashboard or API. Set TTL, allowed senders, auto-cleanup, and more.

test-user-1@spinupmail.dev
Expires in 42m
gmail.com: Password Reset Request (2m)
github.com: Pipeline Alert (9m)
example.com: SMTP Service Testing (21m)

Tech Stack

  • Cloudflare Workers, D1, R2
  • Better Auth
  • Drizzle
  • Hono
  • TanStack Start

scaffolded with better-auth-cloudflare

Built for temporary emails in real team workflows

Spinupmail gives teams controlled inboxes, isolated workspaces, and automation-ready APIs for testing, verification, and internal operations.

Address controls

Create addresses with TTL, domain allowlists, and configurable inbox cleanup behavior.

Address: test-signup-flow@spinupmail.dev
TTL: 120 minutes
Max: 25 emails
Action: cleanAll on limit
Allow: gmail.com, example.com

Team workspaces

Role-based organizations and shared inbox visibility keep projects isolated by default.

Operations: 6 members
QA: 4 members
Support: 3 members

REST API

Automate everything with API keys (`spin_...`) plus required `X-Org-Id` scoping.

POST /email-addresses
GET /emails?addressId=...
GET /emails/:id/attachments/:attachmentId
DELETE /email-addresses/:id

Integrations

Route inbound email events to external notification channels with organization-scoped subscriptions. Events are dispatched asynchronously via Cloudflare Queues with retry controls.

  • Telegram: provider available
  • email.received: supported event
  • Queue dispatch: async delivery

Operational visibility

Track org-level email volume, inbox growth, and recent address activity from the dashboard.

Cloudflare-native architecture

Run API, intake, storage, and frontend on Cloudflare services.

  • Workers: API + email handler
  • Email Routing: inbound delivery
  • D1: message metadata
  • R2: attachments/raw
  • Pages: frontend

Security defaults

Guardrails for identity, abuse prevention, and access control are available out of the box.

  • Turnstile protection
  • Email verification
  • Two-factor auth
  • Scoped API keys
  • Rate limiting

Inbound email process

Requests are validated in sequence: intake, policy checks, parsing, storage, and organization-scoped reads.

Step 01

Email Routing intake

Inbound messages arrive through Cloudflare Email Routing into the Worker email handler.

Step 02

Address + sender policy check

Traffic to expired addresses or from disallowed sender domains is rejected before storage.

Step 03

MIME parse + sanitize

Bodies are parsed, HTML is sanitized, and oversized data is capped to protect D1 writes.

Step 04

Persist to D1 and R2

Metadata lands in D1. Attachments and optional raw MIME go to scoped R2 object paths.

Step 05

Scoped retrieval

UI/API reads require organization scope, including API key usage with X-Org-Id.
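
The Step 02 check, sketched as an added example that is not Spinupmail's own code: it combines address expiry, the sender-domain allowlist, and the inbox limit into one decision made before anything is stored. The function names, record fields (expiresAt, allowedDomains, maxEmails, onLimit), and the reading of "cleanAll" as purge-then-accept are assumptions for illustration.

```javascript
// Added illustration of the Step 02 policy check; not Spinupmail's own code.
// Field names (expiresAt, allowedDomains, maxEmails, onLimit) are assumptions.

// Sender domain = text after the LAST "@", lower-cased, trailing dot removed.
// Expects a bare envelope address; anything else fails closed below.
function senderDomain(from) {
  const at = from.lastIndexOf("@");
  if (at < 1 || at === from.length - 1) return null;
  return from.slice(at + 1).trim().toLowerCase().replace(/\.$/, "");
}

// Decide the fate of one inbound message before anything is stored.
function checkPolicy(address, from, storedCount, now = Date.now()) {
  if (!address) return { accept: false, reason: "unknown-address" };
  if (address.expiresAt !== null && now >= address.expiresAt)
    return { accept: false, reason: "address-expired" };

  const domain = senderDomain(from);
  if (domain === null) return { accept: false, reason: "bad-sender" };

  // Exact match only: a suffix or substring test would let "notgmail.com"
  // or "gmail.com.other.example" pass an allowlist containing "gmail.com".
  // Assumption: an empty allowlist means "any sender".
  const allow = address.allowedDomains.map((d) => d.toLowerCase());
  if (allow.length > 0 && !allow.includes(domain))
    return { accept: false, reason: "sender-not-allowed" };

  if (storedCount >= address.maxEmails) {
    // Assumed meaning of "cleanAll on limit": purge the inbox, then accept.
    return address.onLimit === "cleanAll"
      ? { accept: true, cleanFirst: true }
      : { accept: false, reason: "inbox-full" };
  }
  return { accept: true, cleanFirst: false };
}

// Constructed sample record modelled on the Address controls card.
const T0 = Date.UTC(2025, 0, 1, 12, 0);
const sample = {
  expiresAt: T0 + 120 * 60000, // TTL of 120 minutes
  allowedDomains: ["gmail.com", "example.com"],
  maxEmails: 25,
  onLimit: "cleanAll",
};
console.log(checkPolicy(sample, "qa@GMAIL.com", 3, T0));
```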

Stored in D1
Relational store

Address records, message metadata, sanitized body text/HTML, and attachment metadata for fast organization-scoped queries.

Stored in R2
Object store

Attachments are persisted per org/address/email path. Raw MIME can be enabled for debugging and downloaded through authenticated routes.

Self-host setup in three steps

The deployment flow is explicit: provision Cloudflare resources, configure bindings, deploy Worker + Pages, then route API traffic.

01

Clone and install

Clone the repository and install dependencies from the project root with pnpm.

02

Provision Cloudflare resources

Create D1, KV, and R2 resources, then configure Worker bindings and secrets in wrangler.toml.

03

Deploy backend and frontend

Deploy the Worker and Pages app separately, then route /api/* to the Worker on your domain.

terminal

Clone the repo and install workspace dependencies.

$ git clone https://github.com/ridvan/spinupmail
$ cd spinupmail && pnpm install

All actions available in the API

Use the API for CI, QA harnesses, and scripted workflows with the same organization-scoped endpoints shown in the dashboard.

  • Create and update temporary addresses
  • List messages with org-scoped headers
  • Download attachment binaries securely
  • Use API keys with required X-Org-Id scope

terminal
POST /api/email-addresses

Create an email address with TTL and sender controls.

# Replace <your-domain> with the domain that routes /api/* to your Worker.
$ curl -X POST "https://<your-domain>/api/email-addresses" \
    -H "X-API-Key: spin_..." \
    -H "X-Org-Id: org_abc123" \
    -H "Content-Type: application/json" \
    -d '{
      "localPart": "signup-test",
      "domain": "spinupmail.dev",
      "ttlMinutes": 120,
      "acceptedRiskNotice": true
    }'

Ready to deploy Spinupmail?

Use the setup guide to deploy Worker + Pages on Cloudflare, then create addresses, wire integrations, and automate inbox workflows.