Blocking Malicious IP Addresses and E-mails

Nadles

Nadles provides built-in tools to protect your API from unwanted traffic and fraudulent signups. From the My Settings section, you can block requests based on IP addresses or e-mail addresses. Changes take effect immediately after saving.

Quick Reference — Blacklist Syntax

Blacklist TypeFormatSpecial NotesExample
IP BlacklistOne IP or subnet per lineComments allowed, start with # or //
192.168.1.15
10.0.0.0/8

# Block known malicious IP from last incident
203.0.113.45

// Block VPN range
198.51.100.0/22
E-mail BlacklistOne address or pattern per lineRegular expressions start with re!; no comments allowed
spammer@example.com

re!^.*@disposablemail\.com$

re!^(fake|spam)user\d+@example\.org$

IP Blacklist

The IP blacklist blocks requests from specific IP addresses or entire subnets.
Each entry must be on its own line.

You can:

  • Block single IPs (192.168.1.15)
  • Block IP ranges using CIDR notation (10.0.0.0/8)
  • Add comments with # or // to describe the entry

Examples

192.168.1.15
10.0.0.0/8
# Block known malicious IP from last incident
203.0.113.45
// Block VPN range
198.51.100.0/22

E-mail Blacklist

The e-mail blacklist prevents signups or authentication from specific e-mail addresses or patterns. Each entry must be on its own line.

You can:

  • Block exact e-mail addresses (spammer@example.com)
  • Block patterns with regular expressions — start the line with re!
  • Comments are not allowed in this field

Examples

spammer@example.com
re!^.*@disposablemail\.com$
re!^(fake|spam)user\d+@example\.org$

How It Works

  • IP blacklist: Requests from listed IPs are blocked at the gateway level before reaching your backend.
  • E-mail blacklist: Blocks signup and authentication attempts from listed addresses or matching patterns.
  • Immediate effect: Updates are applied as soon as you save changes in My Settings.

Tips for Effective Blacklisting

  • Use CIDR notation to efficiently block entire IP ranges.
  • Maintain a list of disposable e-mail domains and block them with a single regex.
  • Combine with rate-limiting in Nadles for an extra layer of protection.
  • Periodically review and update your blacklists to remove outdated entries.
  • Keep regex patterns efficient — overly complex expressions can slow validation.

Sample Regex Patterns for Disposable E-mail Domains

You can paste these directly into your E-mail Blacklist field.
Remember: each regex must be on a separate line and must start with re!.

1. General Disposable E-mail Services

re!^.*@(mailinator\.com|10minutemail\.com|temp-mail\.org|guerrillamail\.com|dispostable\.com|trashmail\.com|yopmail\.com|getnada\.com|dropmail\.me|fakeinbox\.com|mytemp\.email)$

2. Popular Disposable Domains (Global)

re!^.*@(temp-mail\.io|moakt\.com|emailondeck\.com|spambog\.com|inboxbear\.com|mohmal\.com|throwawaymail\.com|maildrop\.cc|spamgourmet\.com)$

3. GuerillaMail & Variants

re!^.*@(spambox\.us|mailnesia\.com|sharklasers\.com|guerillamailblock\.com)$

4. European Temporary Mail Providers

re!^.*@(jetable\.org|spam4\.me|inboxkitten\.com|getairmail\.com|mailcatch\.com|anonaddy\.me|trashmail\.me)$

5. Miscellaneous Throwaway Domains

re!^.*@(tempemail\.co|tempinbox\.com|tempomail\.com|emailtemporanea\.com|temporarymail\.com|temp-mailbox\.com|tempr\.email|oneml\.com|mail-temporaire\.fr|pokemail\.net)$

6. Privacy Relay & Forwarding Services

re!^.*@(spamex\.com|burnermail\.io|shortmail\.com|filzmail\.com|binkmail\.com|letthemeatspam\.com|mailnull\.com)$