Stop Sending Your Private Life to a Stranger.

If you are using notheld.com as a dummy email. We own it.
We see everything you send here.

Every day, we receive password resets, bank confirmations, and medical records meant for you—because you used our domain to sign up for a service you didn't trust.

⚠️ This is a security nightmare for you, and an administrative headache for us.

What happens when you use a fake email?

When you type [random]@notheld.com into a sign-up form to avoid spam, you aren't hurting the corporation—you are hurting yourself.

We receive misdirected emails every day. These include:

Financial Alerts: Information from your bank.
Credentials: Password reset links for social media and work accounts.
Personal Data: Insurance renewals, appointment reminders, and legal documents.

We delete these without reading them. But the next domain owner might not. You are potentially handing over your digital identity to whoever owns the domain you guessed.

Still skeptical? Here is your test.

Go to any website you use—Netflix, PayPal, Amazon, or your bank. Click "Forgot Password" or "Forgot Username."

Enter your real username or the email address you think you used.

If the site says:
"We have sent a reset link to r******@notheld.com"

...then you are the person we are talking about. That code went to us, not to you. You are locked out of your own account and relying on a stranger (us) to stay secure.

Fix it now, before that code is for something irreversible.

How to stop sending us your data:

1. Search your own real email account for mentions of us.

Open your Gmail/Outlook and search for @notheld.com. You won't find the actual emails (because we have them), but you will find the receipts and confirmation pages from when you signed up. That tells you exactly which accounts are compromised.

2. Log into those services and update your email address.

Go to your banking apps, social media, and subscriptions. Change the contact email to one you actually control.

3. Do NOT use our domain for 2FA or verification codes.

If you request a two-factor authentication code and enter our domain, that code lands in our inbox. You will be permanently locked out of that account.

4. (For the future) Use "Plus Addressing" instead.

If you want to track who is selling your data, use your real email provider's "plus" feature (e.g., youremail+netflix@gmail.com). This keeps your data safe, lets you filter spam, and actually goes to you.

👨‍💻 A note to developers & QA testers:

Stop using @notheld.com in your testing environments, demo data, or seed files. You are polluting our production mail server with thousands of automated test emails.

Use @example.com (which is reserved by RFC 2606 for documentation) or set up a local SMTP trap like MailHog. Do not use live, registered domains for dummy data.

Disclaimer: This domain operates a "closed" email system. Any mail sent to this domain that is not explicitly addressed to a pre-registered, active mailbox is automatically discarded upon arrival. We do not store, process, or read misdirected mail.

By sending mail here, you acknowledge that we do not guarantee delivery, privacy, or security of your data. If you believe you are receiving sensitive information in error, please contact the sender directly to correct your email address.

For abuse complaints or removal requests, please update your email address with the sender directly. We cannot action removal requests on your behalf.