Dealing with incoming spam is one of the most annoying things about Buttondown, and I mean that both from the perspective of an author using it and from the perspective of me, the person who helps run it.
As Buttondown grows and scales, the volume of incoming spam has concomitantly grown even more than that. The number of surfaces we've had to look at and harden in an intuitive, cohesive way has increased. We've got form endpoints, API endpoints, archived pages, comments sections, and more. One of the things we've historically done a pretty poor job at is surfacing a lot of this nuance and complexity. You, as an author, might get a report from someone who tried and failed to subscribe, and you have no idea or way to link it to the issue. Similarly, if you wake up and find a batch of pretty sus-looking subscribers in your inbox, you're not really sure what to do or how they got there.
So we've added a new feature: the Firewall. (Fancy, I know.)
Our goal with the Firewall is to provide you with two main knobs to tune how you want to deal with spam: how aggressive Buttondown should be at blocking spam, and what to do if we do block someone. You're now afforded the ability to set a threshold at which we should block someone, and to retain blocked subscribers for manual review.
You can read a bit more about the technical details behind the Firewall in the docs. We plan on adding more nuance and complexity to the Firewall in the future, but we're starting with these two knobs — frankly, because we know that for some of y'all this problem has been a source of pain for a long time, and we'd rather ship something of value than faff around designing out a rules-based engine or whatever.
The Firewall (which I cannot stop capitalizing, for some reason) is out today, and free for all newsletters. This launch doesn't coincide with any changes to how we handle auditing, your existing settings have been honored.