The Economics of Stolen AI Credits: Who Buys Them, Who Sells Them, and How They're Sourced

Chinese proxy services selling discounted access to OpenAI, Claude, and Gemini at 50-80% below retail are not a small operation. Marketplaces like humkt.com operate openly and advertise heavily discounted credits. They’re upfront about the use of stolen accounts and disposable emails, while also sometimes offering access to frontier AI models through aggregated and proxied accounts.

Stolen and pooled LLM credentials for sale to China market

The White House Office of Science and Technology Policy flagged this in April 2026 as an industrial-scale distillation campaign: foreign actors using tens of thousands of proxy accounts to flood US AI systems with requests, extracting enough model behaviour to train functional knockoffs at a fraction of the cost. Anthropic had already quantified the problem in February, tracing 16 million exchanges back to roughly 24,000 fraudulent accounts linked to Chinese AI firms. What neither disclosure addressed in detail is the registration layer that makes bulk account creation viable in the first place: disposable email infrastructure, which quietly enables the kind of identity churn these operations depend on.

Data from TempMailDetector.com’s provider network puts numbers to that layer in a way public reporting has not.

The Provider That Named Itself After ChatGPT

GPTMail Statistics showing the scale of LLM signup abuse

The third most-detected temp email provider as of May 2026 in Temp Mail Detector’s network is mail.chatgpt.org.uk. It operates 1,190 identified domains and was ranked second as recently as last month.

Of the top five most-seen email subjects passing through the provider’s domains, all five are ChatGPT or OpenAI account verification emails, with a Chinese-language variant (“你的 ChatGPT”) ranking third at 92,023 occurrences. The top subject alone accounts for over 324,000 messages.

YYDS Mail (yyds.215.im) also publishes its own operational statistics: over 10.9 million email addresses created, 510,000 currently active inboxes, and 1,466 domains across its network, of which 1,406 are verified. The service publishes a live domain leaderboard ranking its most-used domains by total address generation.

The top domain alone has been used to create 689,715 addresses; the second 168,000; the third 131,000. Ten domains account for over 1.7 million address creations between them.

The name itself is Chinese internet slang: YYDS is the pinyin abbreviation of 永远的神, meaning “eternal god” or “GOAT”. The service is not marketed in English; its interface is Chinese-language by default, and its GitHub contact is a Gmail address under the same handle. This is a temp email provider built by and for a Chinese-speaking user base, operating at a scale that places it firmly in the infrastructure tier rather than the hobbyist tier. The yyds.215.im subdomain serves as the public-facing free entry point, while vip.215.im offers the paid API layer with webhook support and custom domain provisioning. This is the full stack needed to run account creation at volume as part of an automated attack.

An argument we often see against disposable email detection is that it erodes user privacy. This is true to some extent, but it is evidently not privacy-conscious individuals who are cycling through throwaway accounts. The patterns we’re seeing here are those of an organised operation generating addresses at scale for a specific purpose.

It goes without saying that using a grey market proxy service like humkt to gain AI API access carries risks that go well beyond losing your account. Every prompt you send is routed through infrastructure controlled by an unknown third party whose core business is selling fraudulently obtained accounts. There is no privacy policy with any legal standing, no contractual obligation to protect your data, and no way to verify what is logged or where it goes. The accounts powering the service are harvested through exactly the kind of temp email abuse described above. We know they are actively being detected and terminated by OpenAI and Anthropic as this is a recurring topic of discussion on Reddit support threads.

As the underlying accounts violate the terms of service of the provider involved, any association between your own IP, email address, or payment details and the proxy service can result in your legitimate accounts being flagged or permanently banned. For users in China, however, this risk may be minimal, as the service is already banned there. It comes close to spam’s financial model of something for nothing.

How the Largest Provider Evades Blocklists

tempmail.lol is the single most-detected provider in our network, currently ranked first for the second consecutive month, with 2,244 domains identified and growing. Its technical approach is distinct from mail.chatgpt.org.uk and worth examining separately, because it represents a more sophisticated evasion model.

Rather than registering hundreds of fresh top-level domains or offering credits/tokens/access as a reward for registered domains, tempmail.lol operates primarily through subdomain generation on a rotating set of parent domains. The identified domain list includes bl.autofixmax.com, 3t.autofixmax.com, h9.autofixmax.com, and so on. The same pattern repeats across basketrise.com, chillart.org, blaizesmp.net, dogmrp.com, and for4u.net.

From a single parent domain registration, this approach can produce thousands of distinct email addresses, each appearing as a unique subdomain. Simple domain-level blocklists fail against this because blocking autofixmax.com requires blocking every subdomain, and the parent domain itself may appear legitimate. The addresses look different on every signup. The provider gets the scale of a large domain portfolio without the cost or registration footprint of maintaining one.

What Market Share Movement Tells You About the Proxy Economy

Our market share data tracks provider dominance over a rolling three-month period. temp-mail.org moved from third to second rank in the current period. mail.chatgpt.org.uk dropped from second to third. These shifts are not random. When one provider experiences heavier detection, usage migrates to the next available option.

This is the structural characteristic that makes the problem persistent. The proxy operations sourcing temp email addresses are not loyal to any single provider. They monitor detection rates, rotate between services, and move volume to wherever the friction is lowest. The market share visualisation shows this dynamic as a slow continuous flow between bands: no single provider dominates indefinitely because detection pressure eventually forces diversification.

For AI companies relying on static blocklists, this means the list is always behind. A blocklist pulled one week ago and not updated will miss the latest domain additions and won’t cover many of the domains caught and attributed via heuristics. The domain generation velocity in tempmail.lol’s subdomain model alone means a static list decays meaningfully within hours. That detection gap is precisely what makes the grey market viable. The faster domains rotate, the lower the cost of sourcing fresh credits.

The Cost Structure of the Grey Market

To understand why this abuse is worth the operational overhead, consider the economics. A service like humkt.com sells API access at a fraction of retail. The margin between what they charge and what they pay depends on how cheaply they can source credits. Free trial abuse is the lowest possible cost. A fresh OpenAI or Anthropic account provides some amount of free credits. Multiplied across hundreds or thousands of accounts provisioned through temp email addresses, the aggregate credit volume eventually becomes a meaningful inventory to resell.

Who Buys Discounted Credits

The buyers are largely developers and small teams, predominantly in China, where retail access to OpenAI and Anthropic is either blocked or prohibitively expensive relative to local market rates. Forum threads on Reddit and Chinese platforms show a consistent profile: individuals building side projects, startups, and resellers arbitraging the discount further down the chain. The grey market exists because the price gap is large enough to absorb the operational risk. A developer paying 20% of retail for Claude or ChatGPT access has little incentive to ask where the credits came from.

What Detection Needs to Cover

The email address is the single required input to every fraudulent account creation. Blocking it effectively means operating at the domain level, not the address level, with a database that updates continuously. Static lists fail because the infrastructure rotates faster than manual curation allows. Subdomain generation compounds this: a single parent domain can produce thousands of distinct addresses, each appearing legitimate to a pattern-matching filter. Detection needs to cover domain reputation, subdomain heuristics, and provider network correlation, not just known bad addresses.
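The parent-domain matching and subdomain fan-out heuristic described here, and in the tempmail.lol section above, can be sketched as follows. This is an added example, not Temp Mail Detector's own code; the function names, the small suffix set standing in for the Public Suffix List, the fan-out threshold, and the sample addresses are all assumptions.

```python
from collections import defaultdict

# Assumption: a tiny stand-in for the Public Suffix List; production code
# should load the real list so multi-label suffixes are handled correctly.
MULTI_LABEL_SUFFIXES = {"org.uk", "co.uk", "com.cn"}

def registrable_parent(domain: str) -> str:
    """Collapse any subdomain to the parent that was actually registered."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def email_domain(address: str) -> str:
    """Return the domain part only; the local part is never inspected."""
    return address.rsplit("@", 1)[-1].strip().lower()

def is_blocked(address: str, blocked_parents: set[str]) -> bool:
    """Match on the registrable parent, so bl.x.com and h9.x.com both hit x.com."""
    return registrable_parent(email_domain(address)) in blocked_parents

def fanout_suspects(addresses, min_subdomains: int = 3) -> dict[str, int]:
    """Heuristic: parents seen with many distinct mail subdomains at signup."""
    seen = defaultdict(set)
    for addr in addresses:
        dom = email_domain(addr)
        parent = registrable_parent(dom)
        if dom != parent:  # only count addresses that sit on a subdomain
            seen[parent].add(dom)
    return {p: len(s) for p, s in seen.items() if len(s) >= min_subdomains}

# Constructed sample signups: the hostnames are the ones named in the post;
# the local parts and the example.com / example.org entries are invented.
SAMPLE_SIGNUPS = [
    "a1@bl.autofixmax.com", "b2@3t.autofixmax.com", "c3@h9.autofixmax.com",
    "d4@mail.chatgpt.org.uk", "alice@example.com", "bob@mail.example.org",
]
# Constructed blocklist of registrable parents derived from those hostnames.
BLOCKED = {"autofixmax.com", "chatgpt.org.uk"}

if __name__ == "__main__":
    for s in SAMPLE_SIGNUPS:
        print(s, "blocked" if is_blocked(s, BLOCKED) else "allowed")
    print("fan-out suspects:", fanout_suspects(SAMPLE_SIGNUPS))
```

The fan-out check surfaces parents that are not yet on any list, which is where a static blocklist falls behind; the threshold needs tuning against real signup traffic, since some legitimate organisations also receive mail on several subdomains.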


Temp Mail Detector identified every provider discussed in this post. The database covers thousands of disposable domains and updates continuously as new infrastructure appears. GDPR compliant by design, Temp Mail Detector validates only the domain and not the full email address. Get a free API key — 200 lookups per month, no credit card required.

Updated: 2026-05-29
