This section covers key terms and concepts related to email compliance, privacy regulations, and best practices for responsible email sending.
The CAN-SPAM Act is a law that regulates commercial email. It's a federal law, and it's enforced by the Federal Trade Commission. Buttondown is compliant with the CAN-SPAM Act.
Captcha is a genre of tools that are used to differentiate between human and machine input. This is done by presenting a challenge that is easy for humans to solve, but difficult for machines. The most common form of captcha is the image-based captcha, where the user is presented with an image containing some text, and is asked to type the text into a text box. The idea is that a human can easily read the text in the image, but a machine would have a hard time doing so.
(This is also known, more colloquially, as "the thing that makes you type in a bunch of squiggly letters to prove you're not a robot.")
For more information, see this lecture by John Mulaney.
CFBL (sometimes referred to as CFL) is an acronym for "complaint feedback loop." It's a process by which recipients of an email can tell both their email provider and the sender of that email that they think the email they received was spam.
If you're building out your own email platform from scratch, or using a close-to-the-metal piece of infrastructure like AWS or SendGrid, you'll want to make sure that you have a way to ingest CFBL feedback and take action on it. Failure to do so can result in you being blacklisted by your recipients' email providers.
If you're using Buttondown — no need to worry at all. Buttondown automatically takes care of this for you by listening for CFBL feedback from all of your subscribers and automatically taking action on it, marking relevant subscribers as Complained.
Fun fact: RFC 9477 is a proposal to standardize this process and bake it into SMTP as a worldwide standard.
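For anyone running their own sending infrastructure, here is the ingest-and-act step described above as an added example; it is not Buttondown's code and not part of the original page. It assumes the mailbox provider delivers complaints in the Abuse Reporting Format (RFC 5965), which this page does not name; `parse_complaint`, `apply_complaint`, the subscriber dict and the sample report are all hypothetical.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample report (not real traffic) in the RFC 5965 layout.
SAMPLE_ARF = """\
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

This is an abuse report for a message from newsletter.example.
--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Original-Rcpt-To: <reader@example.com>

--b1
Content-Type: message/rfc822

To: reader@example.com

Hello!
--b1--
"""

def parse_complaint(raw):
    """Return (feedback_type, recipient) for an ARF report, else None."""
    msg = message_from_string(raw, policy=policy.default)
    kind = (msg.get_content_type(), msg.get_param("report-type"))
    if kind != ("multipart/report", "feedback-report"):
        return None
    # message/* parts parse as nested messages holding one header block each.
    nested = {p.get_content_type(): p.get_payload(0)
              for p in msg.iter_parts() if p.get_content_maintype() == "message"}
    fields, original = nested.get("message/feedback-report"), nested.get("message/rfc822")
    if fields is None:
        return None
    # Providers may redact Original-Rcpt-To; fall back to the original To header.
    rcpt = fields["Original-Rcpt-To"] or (original["To"] if original else None)
    addr = parseaddr(str(rcpt or ""))[1].lower()
    return (str(fields["Feedback-Type"] or "").lower(), addr) if addr else None

def apply_complaint(subscribers, raw):
    """Assumed store: dict of address -> status. Marks abuse complaints."""
    parsed = parse_complaint(raw)
    if parsed and parsed[0] == "abuse" and parsed[1] in subscribers:
        subscribers[parsed[1]] = "complained"
    return parsed
```

Anything that is not a feedback report returns `None`, so the same intake mailbox can receive other mail without a subscriber being flagged by mistake.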
COI stands for Confirmed Opt-In, which is another term for double opt-in. It refers to the process of requiring subscribers to confirm their email address before they start receiving your newsletter.
The confirmation step typically involves:
COI is considered a best practice for email marketing because it ensures that subscribers genuinely want to receive your emails, reduces spam complaints, and helps maintain a healthy sender reputation. It's also required for compliance with regulations like GDPR in many jurisdictions.
Cold email is slang for an email that is sent to an email address that has not opted in to receive emails from you. "Cold email" is a phrase generally used in a pejorative sense, since response rates (and engagement overall) are much worse for cold emails than for regular emails. (Think about it from the perspective of someone emailing you: are you more likely to open an email from a business that you signed up to learn more about, or from someone you've never heard of?)
In general, Buttondown does not support cold email. We require all subscribers to double opt in to the newsletter they subscribe to, and we reserve the right to offboard newsletters which appear to be skirting our terms of service in order to send cold emails. Additionally, the CAN-SPAM Act prohibits many forms of cold email.
If you're interested in sharing more about your use case and checking to see whether or not Buttondown supports it, please contact us.
CORS stands for Cross-Origin Resource Sharing. It's a security feature that allows your browser to make requests to a different domain than the one that served the original page. If you're on this page, though, it means you're probably running into a CORS issue.
If you're trying to use the fetch API to make a request to Buttondown and getting back a CORS error, you've got one of two options:
no-cors when making the request. (This is unsafe and will break things like cookies, so don't do it unless you have a really good reason.)
Double opt-in is a process that requires a subscriber to confirm their subscription before they can receive emails from you. It's a way to ensure that subscribers are actually interested in your content.
Single opt-in, conversely, does not require subscribers to confirm their subscription before they can receive emails from you. Single opt-in is allowed in certain use cases on Buttondown (for instance, if your subscribers are confirming their subscription on another platform such as Shopify or Stripe), but cold emails are not.
Buttondown does not allow you to disable double opt-in by default. This is for a few different reasons:
If you have a special use case that requires you to disable double opt-in, you can do so by contacting us.
The General Data Protection Regulation (or GDPR) is a set of laws that govern how companies can collect, store, and use personal data. Buttondown is GDPR-compliant.