惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
M
MIT News - Artificial intelligence
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
雷峰网
雷峰网
I
InfoQ
罗磊的独立博客
博客园 - 聂微东
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
博客园 - 三生石上(FineUI控件)
The GitHub Blog
The GitHub Blog
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
H
Help Net Security
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
WordPress大学
WordPress大学
T
Tenable Blog
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - Franky
A
Arctic Wolf
T
Threatpost
Scott Helme
Scott Helme
C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
Security Latest
Security Latest
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
S
Schneier on Security
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com

Buttondown's blog

Email could have been X.400 times better The physicists who convinced Fermilab to send Brazil's emails Better in-app previews Analytics 3.0 Subscriber ID variables Comments! Send latest premium action Automation filtering Free API subscribers Surveys in automations Reply to replies Labels for RSS feeds How Jeremy Singer-Vine curates curious datasets for readers 2023 (and what's next) Email vs web content Sort by engagement Better gift subscriptions How Andy Dehnart built a career reviewing television New email template Email-based automations Opt-in reply tracking Automatic alt text More social network integrations Sort by metadata Overlarge image warnings Automation tag actions Pause emails mid-flight Search tags and automations Gift via automations Subscriber-driving emails Programmatic webhooks Email page views Tag statistics Discord webhook formatting Automatic subscriber cleanup RSS subscriber count Weekly subscriber reports More list columns Customizable list views How Max Voltar turned a side gig into a trusted keyboard resource How Nick Disabato runs two newsletters from one design consultancy Made-for-you share images Automation improvements End-of-email surveys Filter by date Survey-triggered automations More automation functionality New webhooks How France Insider built a news service with paid subscribers Email as primary key How John Willshire unites two businesses in one newsletter Confirmation reminders Email churned subscribers Email-to-draft Subscriber metadata columns ChatGPT integration Faster web archives Referral program Better search results TikTok embeds Subscriber timeline Spotify embeds Improved RSS-to-email Subscribe page OG image New analytics page Google Tag Manager Even more subscriber types Integrating Duda with Buttondown Linktree integration guide Advanced and enterprise plans Framer integration guide API requests page Team collaboration In-email surveys Better CSS settings Better RSS automation fetching! Editor toolbar improvements Smart filters Faster emails page RSS automations Faster email analytics Zapier error codes Image accessibility checks Tags vs newsletters OG image picker Image editor improvements API bulk actions Improved OpenAPI spec Mastodon support Better subscriber filtering Better subscriber validation Hotkey support! Programmatic access to analytics Stronger bulk actions Faster archive page Custom canonical URLs Email slug and metadata Improved writing interface Generating a Typescript router in Django Filter emails by source
Public postmortem: external events backlog
Justin Duke · 2025-03-27 · via Buttondown's blog

TL;DR

A misconfiguration on one of our self-hosted SMTP servers led to a crash that was difficult to recover from, causing many emails to become “stuck” in the system. The effects varied—some emails were delayed, some were sent multiple times, and some never went out at all. We have since corrected the configuration, are actively investing in improved tooling and alerting, and are building safeguards to prevent this kind of situation going forward.

What happened?

Buttondown uses various providers to deliver emails from authors to subscribers. Alongside third-party vendors, we also run our own fleet of servers for this purpose—referred to here as postal servers, in reference to the open source project we rely on.

On a recent Wednesday morning, we received automated alerts from our monitoring system indicating an unusual backlog of emails. Further investigation showed that one postal server was taking an excessive amount of time to send each message, eventually reaching a point where it did little but time out repeatedly. Logging into the server, we identified the culprit: a database handling pending messages was malfunctioning.

While we initially suspected overall message volume as the problem, we discovered the real issue was excessive connection attempts to the database from too many worker threads. The database was not configured to recover cleanly from this, nor to properly alert downstream connections about the situation. Our immediate solution was straightforward: we rebooted the database, scaled down worker count, and restored connections to a manageable state.

This left us with a challenging recovery: about 70,000 messages were stuck in limbo. Some were marked as pending but in reality had been sent, others were erroneously marked as sent, and so on.

Essentially, we entered a state where we couldn’t trust our sources of truth. Our standard operating procedure in such cases is to act conservatively. This meant isolating the affected server, shutting down its workers, leaving its messages as pending, and shifting traffic elsewhere—ensuring we didn’t worsen the situation or make decisions based on unreliable information.

This is what we did: traffic was shifted, the backlog queue was drained, and we resent only those emails we were certain had not gone out. Once the problematic server was cleared, we returned it to service.

How are we fixing it?

You might be wondering what we’re doing to improve things. The first step—already in progress as of this post—is to implement much more rigorous monitoring and alerting. Previously, we relied on broad integration-level metrics, which suffice for well-defined, obvious problems, but not for more nuanced or structural issues.

To be specific: we already had per-server alerts for pending or stuck messages, but these relied on an active database connection—which we didn’t have during this incident.

The broader effort is to give authors better visibility into delivery patterns. One of the worst experiences as an author is seeing an email marked as sent, but never receiving it. We intend to be more transparent about email states, so you can look into the dashboard and understand if delays or problems are happening.

Customer impact

During this incident, approximately 13,000 subscribers across 40 authors were affected. They experienced:

  • Delays of multiple hours before receiving messages
  • Not receiving emails at all (although we have since retried these deliveries)
  • Receiving duplicate emails

Looking ahead

Frankly, we’ve experienced too many incidents recently.

We’ve spent the last six months fixing bugs and improving stability at a granular level, but haven’t invested enough in end-to-end, infrastructure-wide reliability. These last few weeks have emphasized the need for this. Our primary responsibility is to reliably deliver your writing, and we’re now dedicating significant resources over the next six months to improve our observability, diagnostics, and resolution capabilities. If you’ve read this far, it’s probably out of frustration, not just curiosity—we know you’ve entrusted us with your work, and when we fall short, we take it seriously. We’re addressing this with urgency and commitment.