惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
Cisco Talos Blog
Cisco Talos Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
V
V2EX
博客园 - 三生石上(FineUI控件)
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
D
Docker
S
SegmentFault 最新的问题
博客园 - 聂微东
美团技术团队
Apple Machine Learning Research
Apple Machine Learning Research
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Last Week in AI
Last Week in AI
M
MIT News - Artificial intelligence
F
Fortinet All Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
GbyAI
GbyAI
L
LangChain Blog
Vercel News
Vercel News
博客园 - 叶小钗
MongoDB | Blog
MongoDB | Blog
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
Engineering at Meta
Engineering at Meta
T
Threat Research - Cisco Blogs
T
Threatpost
Scott Helme
Scott Helme
T
Tailwind CSS Blog
Latest news
Latest news
Stack Overflow Blog
Stack Overflow Blog
Blog — PlanetScale
Blog — PlanetScale
The Register - Security
The Register - Security
罗磊的独立博客
P
Proofpoint News Feed
腾讯CDC
S
Schneier on Security
雷峰网
雷峰网
A
About on SuperTechFans
T
Tenable Blog
F
Full Disclosure
Cyberwarzone
Cyberwarzone
博客园_首页
有赞技术团队
有赞技术团队
K
Kaspersky official blog

文章列表

Compulsive curiosity, or, how I built an infinite idea machine Gift details on the subscriber portal Portal link in the archive nav First, add no friction: How micropayments lost and subscriptions won Filter subscribers and automations by source Automations, rebuilt What email will look like in the future Filter subscribers by bounce date and reason Email could have been X.400 times better Three features are moving behind the paywall Put your name and voice into your company newsletter Simplified email address settings Subscription wall Inboxes were overwhelming before we'd even named them The US government tried really hard to screw up email Public postmortem: database connection exhaustion Ask a nerd: what is the best way to unsubscribe from newsletters? Bookshop.org embeds Email was into agents before they were cool Passwordless login Rename metadata keys in bulk A spring cleaning for our legal docs Ask a nerd: what happens when you click the spam button? Passkey support for two-factor authentication How Buttondown's API versioning works Safer defaults for the email creation API How to send email to space How we enabled Content Security Policy for everyone Recovery codes for two-factor authentication Filter sent emails by engagement rate How we migrated to TypeIDs without breaking clients How we check every link in your email Use newsletter metadata in your emails Should we bring back email exploders? Sort and filter by open and click rates Custom click tracking domains More newsletter settings in the API Revamped replies Custom email templates for everyone Simplified cancellation Ask a Nerd: Does email length affect deliverability? The changelog, reborn Swedish localization Forwarding an email is not always straightforward Public descriptions for tags OpenAPI spec for archives How Rodrigo brings a humanistic view to consumer technology Subscribers can come from anywhere. Even another newsletter platform's form. Survey responses on the web How Brandon Lucas Green shares his music and supports artists Your newsletter's archives are more valuable than your list Better tag self-management Smarter automation filters Granular API keys Snippets New design settings pages Ask A Nerd: How does newsletter cadence affect deliverability? Starred views More ways to customize your archives Inbox filtering Mastodon follower analytics Ask a Nerd: What are good open, click, and response rates for an email newsletter? How we migrated our database to PlanetScale Two new archive themes Custom buttons now work in Markdown mode Ask a Nerd: Does attaching files to your newsletter hurt deliverability? Seline and Tinylytics support Unban subscribers Announcement bars for your archives Bang paths, source routing, and how email trips were planned Public postmortem: archive downtime 2025 disposables.app Russian localization Ask a Nerd: Can you improve email deliverability with a personal domain? More locale options How we interview customers at Buttondown Bluesky analytics Reply to conversations Minimum viable complexity How Jeffery Hicks goes behind-the-scenes in his newsletter Changes to our stack in 2025 2026: Emails TK reminders in the editor What the hell is a UTM? Randomize survey answer order Why we insourced analytics Scroll sync in the editor 2026: Archives How Jamie Thingelstad uses Buttondown to explore tech topics How Kelly Jensen uses Buttondown to discuss key library issues Keeping feature creep at bay Improved filters Content Security Policy in archives Open source Sniperl.ink Auto-activating RSS reader subscriptions What the hell is ActivityPub? How Igor Ranc built Berlin's largest expat tech newsletter Gift subscriptions Template change history
Firewall changes and improvements
Justin Duke · 2026-04-19 · via

Depending on your perspective, it's either very boring or very interesting to read about changes to how we do firewalling. Ideally, of course, you would need to know nothing about the firewall — we would simply always do the correct thing at all points in time, invisibly and imperceptibly.

But different people want different things, and especially where subscribers are concerned, we try to err on the side of transparency and customizability so any author can get the exact setup that works for them. With that context, I'd like to walk through a handful of new additions to bolster your newsletter against incoming spam.

Attack mode

Attack mode, which is enabled for all accounts by default, automatically and temporarily turns on our strongest set of firewall functionality if we detect a surge of spam traffic headed your way. We send you an email whenever this happens.

While you can disable attack mode, I highly encourage you to keep it on even if you want lower firewall settings: few things can cause more serious long-term damage to your deliverability than a spate of a couple hundred or thousand bad email addresses getting associated with your newsletter or domain.

Embedded fingerprinting

If enabled (it's disabled by default), this setting will heavily penalize any incoming subscribers who subscribe through one of your embedded forms but don't have a fingerprint. This is a bit convoluted, so it's best explained in the context of what it catches: a particular genre of attacker that loads your subscription form in an iframe and then mass signs up to it programmatically.

If all of these words are meaningless to you and you don't know what an iframe even is, you likely don't have to worry about this one.

Denied user agents

If you've set up a custom hosting domain, you can now supply a list of user agents to block — things like GPTBot or Facebook's crawler. We'll automatically turn this into a robots.txt file for you, as well as inject <meta name="robots"> tags to (ideally) protect your content from unwanted traffic. It pairs nicely with our custom click tracking domains if you're already being thoughtful about how your newsletter shows up on the web.

As always, head to your firewall settings to configure any of this, and don't hesitate to reach out if you have questions.

Frequently asked questions

Because robots.txt is domain-wide, you can't have a customized one unless you're on your own specialized domain.

In all honesty, very little. If you're reading this, you're likely one of the 99.7% of Buttondown customers who are not targeted by very annoying adversarial spammers. And if all of this stuff seems completely irrelevant to your life, then that is, trust me, a good thing.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。