SMS

MrSMS

Item: MrSMS
Rating: 6
Author: KYC No Thanks

MrSMS sells virtual phone numbers for SMS verification with cryptocurrency payments, promising pseudonymous access but scoring poorly on privacy and trust metrics.

6.0

out of 10

L1 Anonymous

Non-custodial No email required No IP logging 5 payment options

Visit website Suggest an update

// review

Overview

MrSMS is a virtual number provider targeting privacy-conscious users who need disposable phone numbers for online account verifications. The platform advertises coverage across 190+ countries and emphasizes instant SMS delivery for one-time passcodes. Users can access the service without submitting government ID or real names, positioning MrSMS as a no-KYC alternative to traditional telecom verification. The project maintains an open-source codebase and operates a Tor-accessible mirror, signaling alignment with cypherpunk values. However, multiple third-party trust evaluators flag serious concerns: Scam Detector assigns a 14.7/100 trust score with elevated phishing and malware risk indicators, while Gridinsoft's automated analysis lands at 57/100 and explicitly warns of limited independent reputation data combined with a recently registered domain.

The service launched its domain in July 2025, making it roughly ten months old as of mid-2026. Ownership records are fully redacted through an Icelandic privacy shield, which is standard for anonymity-preserving operators but complicates accountability. The platform has surfaced in niche communities including BlackHatWorld, where the operator actively solicits inclusion in SMS verification provider lists, suggesting grassroots rather than organic growth.

Privacy & KYC

MrSMS technically qualifies as L1, Anonymous under standard KYC tiering. No email address, legal name, or identity document is mandatory at signup. This pseudonymous access model appeals to users creating secondary accounts, managing pseudonymous identities, or simply avoiding phone-number linkage across services.

Despite the low KYC barrier, the privacy picture deteriorates sharply on closer inspection:

IP logging status is unconfirmed, the operator does not publish a clear policy on whether visitor IPs are retained, correlated with payments, or shared with infrastructure providers.
Zero privacy score in our methodology reflects this opacity plus the absence of published data-retention or deletion policies.
Data collection forms on the site may request personal identifiers including names and email addresses according to automated content scans, creating potential contradictions with the anonymous marketing narrative.
Domain blacklisting appears on multiple security engines, though the specific nature of these listings remains undisclosed in public scans.

The open-source claim offers some mitigation, auditable code reduces the risk of hidden telemetry, but without verified reproducible builds or third-party security audits, users must trust that the deployed instance matches the published source.

Supported assets & payments

MrSMS accepts a notably broad payment spectrum for its category. Cryptocurrency options include Monero (XMR), Bitcoin (BTC), and Lightning Network transactions, covering both maximal privacy and low-fee use cases. The inclusion of Monero is particularly significant for no-KYC users, as XMR's default privacy protections break on-chain payment tracing. Fiat and cash payments are also listed, though the mechanism for anonymous cash settlement is unspecified and likely involves intermediary friction.

This multi-asset flexibility distinguishes MrSMS from competitors that restrict payments to traceable cryptocurrencies or conventional card processors. For users holding privacy coins, the Monero integration represents a genuine usability advantage.

Security & custody

MrSMS operates as a custodial service by necessity, users do not control the underlying phone numbers or message infrastructure. The platform hosts virtual numbers on its own systems, meaning message content and metadata pass through MrSMS servers before user retrieval. This centralization creates a honeypot risk: a compromised or compelled operator could theoretically access verification codes, link them to payment timestamps, and de-anonymize accounts created elsewhere.

Security positives include valid HTTPS through Google Trust Services with certificate expiry in June 2026, and the Tor gateway providing an additional access layer for users requiring location anonymity. However, the trust score of 4/100 reflects severe external skepticism. Scam Detector's algorithm flagged a 70/100 phishing score and 48/100 malware score, automated readings that may reflect neighboring infrastructure or embedded third-party content rather than direct malicious intent, but which demand user caution regardless.

No multi-sig, no end-to-end encryption for message delivery, and no published incident response plan are observable gaps. Users treating MrSMS as a critical security component should compartmentalize, isolate payments, access only via Tor, and never reuse numbers across sensitive accounts.

Who it's for, verdict

MrSMS occupies a precarious position in the no-KYC ecosystem. The 6/10 overall score reflects genuine utility for low-stakes, disposable verifications balanced against substantial trust deficits. It suits researchers, developers, and privacy hobbyists who need occasional SMS reception without identity exposure, can tolerate service instability, and practice strict operational security.

It does not suit high-assurance threat models. The combination of redacted ownership, recent domain registration, blacklist appearances, and zero verifiable privacy commitments makes MrSMS unsuitable for journalists, activists, or anyone whose safety depends on provider integrity. The open-source offering and Tor availability are meaningful differentiators, but without community audit or longevity, they remain promises rather than guarantees.

Prospective users should fund minimally, verify number functionality on a test account before critical use, and maintain alternative verification channels. MrSMS demonstrates what a privacy-native SMS service could look like; whether it becomes what such a service should be depends on sustained transparent operation and independent validation that has not yet materialized.

Data sourced from kycnot.me

Pros

Pseudonymous signup with no mandatory email or identity documents
Monero and Lightning Network payments for privacy-preserving transactions
Tor gateway available for location-anonymous access
Open-source codebase enables theoretical auditability
Broad geographic coverage with 190+ country numbers

Cons

Extremely low trust scores from multiple independent evaluators
Domain blacklisted on security engines with elevated phishing flags
No published privacy policy or clear IP logging stance
Very new operator with minimal track record and redacted ownership
Custodial message handling creates centralization risk

At a glance

Non-custodial

No email required

No IP logging

Why this score

Anonymous

Pseudonymous access, no personal data.

Frequently asked questions

Is MrSMS truly anonymous?

Access is pseudonymous — no ID or email is required. However, the lack of a clear privacy policy and potential IP logging means determined adversaries may still trace usage. For stronger anonymity, combine Tor access with Monero payments and compartmentalized browser profiles.

Can I use MrSMS for banking or exchange verification?

We strongly discourage this. Financial institutions actively block virtual numbers, and MrSMS's low trust scores and custodial model create unacceptable risk for high-value accounts. Reserve this service for low-stakes registrations only.

Does MrSMS keep message logs?

The operator does not disclose retention practices. Assume messages are stored indefinitely and could be subpoenaed or breached. Treat all received codes as potentially visible to the platform.

Why does Scam Detector rate MrSMS so poorly?

Automated scoring weighs domain age, blacklist presence, and proximity to suspicious infrastructure. The 14.7/100 score reflects these technical signals rather than confirmed fraud, but the pattern warrants caution until independent audits emerge.

Is the open-source code safe to self-host?

Published source reduces hidden-backdoor risk, but security depends on your own review and hardening. The project lacks documented third-party audits, so standard open-source caveats apply.

Update log

May 25, 2026
Confirmed certificate validity through June 2026 expiry date
Apr 26, 2026
Reviewed BlackHatWorld operator engagement for community signal
Mar 22, 2026
Flagged data-collection form findings from automated content scans
Feb 20, 2026
Cross-referenced domain registration age against WHOIS records
Jan 18, 2026
Added Scam Detector and Gridinsoft trust evaluations
Dec 14, 2025
Adjusted privacy score to 0 following policy opacity review
Nov 12, 2025
Updated supported-coin list after Lightning implementation confirmed
Oct 13, 2025
Re-verified Tor onion mirror accessibility

Scores

Overall 6/10

Privacy 0/100

Trust 4/100

Accepted payments

Monero Bitcoin Lightning Fiat Cash

Features

Tor available
Open source

Visit website

Related services

Silent.link

silent.link

8.2

/ 10

top SMS Privacy Other services

Silent.link offers borderless eSIM mobile data and private US/UK phone numbers without any identity verification, accepting Bitcoin, Lightning, and Monero for true anonymity.

L0 Trustless

BTC LN XMR

›No signup ›Tor available ›Worldwide

Crypton.sh

crypton.is

8.0

/ 10

SMS e-SIM

Crypton.sh provides anonymous phone numbers, travel eSIMs and SMS verification codes without requiring identity documents, email or even account registration.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source ›No signup

Narayana

narayana.im

8.0

/ 10

SMS e-SIM

Narayana is a long-running Estonian telecom offering anonymous SIM cards, eSIMs and virtual numbers across 50+ countries with zero identity verification and cryptocurrency payments.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source