Depending on your perspective, it's either very boring or very interesting to read about changes to how we do firewalling. Ideally, of course, you would need to know nothing about the firewall — we would simply always do the correct thing at all points in time, invisibly and imperceptibly.
But different people want different things, and especially where subscribers are concerned, we try to err on the side of transparency and customizability so any author can get the exact setup that works for them. With that context, I'd like to walk through a handful of new additions to bolster your newsletter against incoming spam.
Attack mode
Attack mode, which is enabled for all accounts by default, automatically and temporarily turns on our strongest set of firewall functionality if we detect a surge of spam traffic headed your way. We send you an email whenever this happens.
While you can disable attack mode, I highly encourage you to keep it on even if you want lower firewall settings: few things can cause more serious long-term damage to your deliverability than a spate of a couple hundred or thousand bad email addresses getting associated with your newsletter or domain.
Embedded fingerprinting
If enabled (it's disabled by default), this setting will heavily penalize any incoming subscribers who subscribe through one of your embedded forms but don't have a fingerprint. This is a bit convoluted, so it's best explained in the context of what it catches: a particular genre of attacker that loads your subscription form in an iframe and then mass signs up to it programmatically.
If all of these words are meaningless to you and you don't know what an iframe even is, you likely don't have to worry about this one.
Denied user agents
If you've set up a custom hosting domain, you can now supply a list of user agents to block — things like GPTBot or Facebook's crawler. We'll automatically turn this into a robots.txt file for you, as well as inject <meta name="robots"> tags to (ideally) protect your content from unwanted traffic. It pairs nicely with our custom click tracking domains if you're already being thoughtful about how your newsletter shows up on the web.
As always, head to your firewall settings to configure any of this, and don't hesitate to reach out if you have questions.