Blocking Mailbait

Recently I’ve been getting a lot of mail from the feedback loops I subscribe to indicating that someone has gotten a subscription confirmation message and they considered it spam.

After digging into my logs I noticed a few things …

  • The subscription requests are being initiated from TOR exit nodes.
  • The web requests that initiate the subscription have “mailbait.info” as their referrer.

This ‘mailbait.info’ service is supposed to allow you to fill your mailbox … why anyone would want to do this is beyond me … and it has absolutely ZERO protections against submitting someone else’s email address.  As such, it just ends up generating spam.  And a lot of the twits that are using this ‘service’ are hiding behind TOR nodes, which protects their IP address.

And there’s no mechanism to remove a mailing list subscription form from their database …

MailBait uses visitor submitted information as an interactive computer service. This service is provided ‘as is’ with no warranty. If your website has been indexed by a visitor, and you wish visitors from MailBait to not interact with your page, you can change the page url, implement CAPTCHA, or implement a mechanism to reject form submissions from visitors that originate from MailBait.

OK, so the creator of this service basically just wants to create a mechanism to annoy and harass both list server administrators and innocent email users on the internet.

Luckily mailbait.info does set a referrer that can be detected in the Apache configuration … so I added the following to the mailing list website’s configuration:

RewriteEngine On
RewriteCond %{HTTP_REFERER} mailbait\.info [NC]
RewriteCond %{request_uri} !^/mailbait.html$          [NC]
RewriteRule .* /mailbait.html                        [R,L]
#RewriteRule .* - [F]

Here’s what the rule set is doing:

  1. If the HTTP referer (web site a browser is coming from, as identified by the browser) contains mailbait.info, and
  2. The request URL is not ‘/mailbait.html’, then
  3. Redirect the user to /mailbait.html on my server.

The mailbait.html file contains tells people that they are not allowed to use mailbait.info on my list server.

Alternatively you can use the commented out RewriteRule to just send a 503 error back to the browser.

Another technique is to set an environment variable if the referrer matches mailbait.info and deny the request using a conditional ‘Deny from’.

SetEnvIf Referer mailbait\.info mailbait
Deny from env=mailbait

This particular method requires that the directive be inside a <Directory> container.

6 thoughts on “Blocking Mailbait

  1. themailbait

    cool blog.

    you’re points are well taken that a layer of identity approval should be added to minimize abuse. I’ll see if I can get that runing in the next few days.

    mailbait.info

    Reply
  2. Mike

    Thanks for your advice! This has been a huge pain to me as mailbait sends subscription requests to all of the email lists I host for various local non-profit organizations. Unfortunately, mailman (the list server) doesn’t offer an automated or easily scripted way to discard all of the subscription requests that mailbait generates.

    From their FAQ, they openly state that they’re enabling spam: “Please treat other people’s email with respect and don’t sign them up for spam regardless of how much you think it would be funny.” Great.

    Reply
  3. Heidi

    Is there a way to break this down for a non-tekkie who has been the victim of this vicious prank in my hotmail account? I have had nearly 5000 subscriptions I did not request in the last 3 days. I can’t stop it and I am losing track of real emails in the midst of the cyber storm. Please help!

    Reply
      1. Melinda Gonzalez

        Hi, I’m not the OP but I’m a victim, I can’t stop the emails from flooding in. Most are from WordPress groups. *sigh* I have Gmail. What do I do??

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *