Acceptable Use Policy (AUP)

Last Updated: May 20, 2026
Effective Date: Immediately
Applies To:

• https://www.sendarix.com
• https://app.sendarix.com (Client Dashboard)
• All SMTP endpoints, Email API endpoints, dashboards, webhooks, analytics, suppressions, tracking, DNS/reputation tooling, accounts, users, integrations, and traffic sent through or connected to Sendarix

This AUP is incorporated into and forms part of the Terms of Service. Sendarix may interpret and enforce it in its reasonable discretion to protect the platform, recipients, mailbox providers, deliverability, reputation, legal compliance, and other customers.

This legal document is provided in English. If translations or localized summaries are made available, the English version controls to the maximum extent permitted by law.

---

1. Introduction and scope

This Acceptable Use Policy (“AUP”) defines permitted and prohibited use of Sendarix Services, including the Website, Client Dashboard, SMTP relay, Email API, tracking, webhooks, analytics, suppression tools, DNS and reputation tooling, support, billing, security monitoring, and abuse prevention features.

You are responsible for your users, employees, contractors, agents, affiliates, resellers, clients, subusers, integrations, and any third party using your account, credentials, domains, sending identities, or infrastructure. Abuse by any of them is treated as abuse by you.

Compliance with this AUP does not guarantee compliance with every applicable law or mailbox provider rule. You remain responsible for your own legal compliance, recipient notices, consent, opt-outs, and sending practices. Sendarix may impose stricter requirements than law or mailbox providers to protect platform reputation and deliverability.

---

2. Customer responsibility

You are responsible for all Customer Content, Recipient data, list sources, sender identities, domains, templates, links, attachments, webhooks, integrations, and traffic submitted through or connected to your Sendarix account.

You must ensure that every sender, client, affiliate, contractor, and integration using your account complies with this AUP, the Terms, the Privacy Policy, the DPA where applicable, and all laws and industry standards applicable to the traffic.

You must not use Sendarix in a way that endangers Sendarix, shared or dedicated infrastructure, Sendarix-owned domains or IPs, customer domains or IPs, mailbox provider relationships, recipients, affected brands, other customers, or the public.

---

3. Definitions

• “Abuse” means activity that violates this AUP, the Terms, law, mailbox provider rules, recipient rights, platform integrity, or Sendarix risk standards.
• “Affiliate/Third-Party Sender” means a client, affiliate, agency customer, reseller customer, contractor, subuser, or other person or entity sending through or benefiting from your Sendarix account.
• “Bulk Email” means email sent or attempted to be sent to multiple Recipients as part of a campaign, automation, import, list, sequence, or similar program.
• “Commercial Email” means email that promotes, markets, sells, solicits, refers, or advertises products, services, opportunities, events, content, investments, or offers, whether directly or indirectly.
• “Customer Content” means messages, templates, subject lines, headers, attachments, links, domains, sender identities, Recipient lists, suppression records, webhook payloads, and other materials or instructions submitted to or transmitted through the Service.
• “High-Risk Sending” means sending that presents elevated abuse, legal, complaint, blocklist, deliverability, reputation, fraud, security, sanctions, or operational risk.
• “Permission” means a legally valid basis to email a Recipient, including consent or another lawful basis where applicable, supported by records when required.
• “Recipient” means a person or mailbox address that receives, is targeted by, or is included in email traffic, suppressions, analytics, or related records.
• “Sender Identity” means From names, From addresses, reply-to addresses, domains, branding, display names, headers, envelope senders, tracking domains, bounce domains, and any other information that identifies or implies who is sending.
• “Suppression Data” means unsubscribes, opt-outs, complaints, bounces, block events, do-not-contact entries, suppression lists, and related records used to prevent unwanted or unlawful sending.
• “Unsolicited Email” means email sent without required Permission, lawful basis, recipient expectation, or opt-out handling.
• “Verified Domain” means a domain reviewed or configured for use with Sendarix, including required DNS, ownership, authentication, or sender checks.
• “Warmup” means a controlled sending ramp intended to establish or protect reputation; it is not permission to send abusive or non-compliant mail.

---

4. Prohibited email practices

Sendarix has no tolerance for spam, abuse, or sending practices that harm recipients, mailbox providers, Sendarix, or other customers. You must not send or facilitate:

• Spam, unsolicited bulk email, unsolicited commercial email where Permission or lawful basis is required, or Bulk Email that lacks appropriate opt-out and compliance controls
• Purchased, rented, scraped, harvested, brokered, appended, co-registered, third-party, or questionable lead lists unless Sendarix expressly approves the use and the use is lawful and documented
• List washing, suppression evasion, unsubscribe evasion, bounce evasion, complaint evasion, re-mailing suppressed Recipients, or importing lists without proof of origin, consent, or lawful basis when requested
• Email address guessing, dictionary attacks, list bombing, mail bombing, referral abuse, signup abuse, confirmation email abuse, or traffic designed to harass, overwhelm, or manipulate Recipients
• Sending to Recipients who opted out, complained, hard-bounced as invalid, are on a suppression list, or otherwise should not be contacted
• Sending to spam traps, role accounts, old or stale lists, invalid lists, or lists with no recent engagement where this indicates poor hygiene
• Bulk cold outreach without adequate lawful basis, accurate sender identification, working opt-out, and evidence of Permission where required

---

5. Prohibited content and campaigns

You must not send, host, link, redirect to, facilitate, or promote content or campaigns involving:

• Phishing, credential harvesting, spoofing, impersonation, brand abuse, deceptive login pages, social engineering, fake support notices, fake security notices, or fraudulent invoices
• Malware, ransomware, spyware, trojans, botnets, exploit kits, malicious attachments, malicious links, or instructions to compromise systems
• Fraud, scams, gift card scams, fake giveaways, pyramid schemes, Ponzi schemes, deceptive crypto/investment/get-rich-quick claims, or misleading financial opportunities
• Child sexual abuse material, sexual exploitation, trafficking, non-consensual intimate content, or sexual content involving minors
• Illegal weapons, illegal drugs, unlawful controlled substances, counterfeit goods, stolen goods, or illegal trafficking
• Terrorism, extremist violence, targeted harassment, credible threats, doxxing, hate campaigns, or incitement to violence
• Content that violates intellectual property, privacy, publicity, contractual, consumer protection, telecommunications, or other third-party rights
• Content illegal in jurisdictions relevant to Sendarix, the Customer, the sender, the Recipient, mailbox providers, infrastructure providers, or affected third parties

---

6. Restricted and high-risk use cases

The following categories are prohibited unless Sendarix gives prior written approval. Approval may be denied, limited, revoked, or conditioned on extra review, lower volume, stricter authentication, proof of Permission, template review, recipient restrictions, or immediate suspension if risk changes:

• Adult, escort, dating, or sexual content
• Gambling, betting, lottery, sweepstakes, contest promotions, or prize campaigns
• Crypto, tokens, NFTs, investment, securities, trading signals, get-rich-quick, MLM, affiliate schemes, or similar financial speculation
• Financial services, loans, debt relief, credit repair, insurance, tax relief, or other regulated financial claims
• Healthcare, pharmaceuticals, supplements, medical claims, miracle cures, weight loss, regulated health products, or sensitive wellness claims
• Political campaigns, issue advocacy, election-related communications, public-sector communications with impersonation risk, or government-related messaging
• Lead generation, affiliate marketing, sponsored offers, co-registration traffic, high-volume cold outreach, sales automation, recruiting outreach, or scraped B2B prospecting
• Regulated products or services requiring licenses, age gates, professional qualifications, or jurisdiction-specific approvals
• Any category with elevated complaint, blocklist, legal, sanctions, fraud, deliverability, or reputation risk

---

7. Sender identity, consent, and list hygiene requirements

• Maintain records showing Permission, lawful basis, list source, collection date, collection method, privacy notice, and opt-in details where applicable, and provide them promptly on Sendarix request
• Honor unsubscribe, opt-out, complaint, bounce, and suppression requests promptly and within legally required timelines
• Include working unsubscribe or preference management in Commercial Email where required
• Include accurate Sender Identity, physical/contact details where required, truthful headers, truthful routing information, non-deceptive subject lines, and content that accurately reflects the message purpose
• Accurately distinguish transactional, marketing, lifecycle, security, billing, and other email types; do not disguise marketing as transactional, security, account, invoice, or legal notice email
• Maintain suppression lists and apply them before sending; remove hard bounces, risky Recipients, and complaint-driven suppressions
• Monitor complaint, bounce, unsubscribe, block, deferral, engagement, and abuse metrics and maintain list hygiene appropriate to your traffic type

---

8. Authentication and technical requirements

• SPF and DKIM are required for production traffic unless Sendarix expressly allows otherwise for a specific use case
• DMARC alignment is required where Sendarix or mailbox provider rules require it and is strongly recommended generally
• You must maintain valid DNS, domain verification, return-path/bounce configuration, tracking domains where used, TLS for supported SMTP submission where available or required, and accurate HELO/EHLO, envelope sender, From, Reply-To, bounce handling, and routing information
• You must use only documented SMTP ports, APIs, SDKs, authentication methods, and supported integration patterns
• You must not forge headers, use deceptive routing, obscure the true sender, or use third-party domains, brands, trademarks, or Sender Identities without authorization
• Sendarix may require additional DNS, authentication, sender verification, domain review, webhook signing, tracking domain, return-path, TLS, Warmup, or configuration steps before or during production sending

---

9. Volume, warmup, and review

• Sendarix may require onboarding review, domain review, traffic review, KYC/KYB-style or business verification, use-case review, template review, list-source review, proof of Permission, or customer/client disclosure before or during sending
• New, dormant, low-reputation, high-risk, high-volume, or materially changed senders may be subject to sandboxing, manual approval, ramp schedules, volume caps, rate limits, content review, recipient-domain caps, region/country restrictions, or feature restrictions
• Sudden spikes, abnormal patterns, poor metrics, mailbox provider blocks, spam trap hits, blocklists, or complaints may trigger automatic throttling, pausing, review, sandboxing, or suspension
• Plan limits are not a guarantee that you may send that volume. Actual permitted sending may be lower based on risk, reputation, compliance, technical capacity, mailbox provider behavior, infrastructure conditions, or Sendarix review

---

10. Quality and reputation standards

Sendarix may act when signals indicate poor list quality, risky traffic, recipient harm, provider friction, or reputation damage. Exact thresholds may vary by plan, region, mailbox provider, sender history, traffic type, industry, risk profile, and platform conditions, and Sendarix may act before any fixed threshold is reached.

• Spam complaint rates above responsible norms for the traffic type
• Hard bounce or invalid recipient rates indicating poor list quality
• Repeated soft bounces, deferrals, blocks, spam trap hits, blocklist listings, provider sanctions, or temporary/permanent rejections
• Low engagement combined with high volume, cold traffic, stale lists, or aggressive automation
• Unsubscribe spikes, abuse reports, recipient complaints, brand complaints, or abuse desk escalations
• Failed authentication, DMARC alignment issues, DNS instability, mismatched domains, or inconsistent sender identity
• Mismatch between declared use case and actual traffic

You must not engage in snowshoeing, rotating domains, IPs, sender identities, brands, or accounts to evade reputation systems, Sendarix limits, mailbox-provider rules, blocklists, throttles, suspensions, or review. You must not use fake Warmup, artificial opens, clicks, replies, bot engagement, lookalike domains, deceptive From names, filter-evasion testing, or repeated domain/IP abandonment after reputation damage.

---

11. Security and infrastructure misuse

You must protect API keys, SMTP credentials, passwords, webhooks, admin accounts, subuser accounts, domains, and integrations. Use MFA/2FA where available, rotate keys after suspected compromise, restrict access by least privilege, and notify abuse@sendarix.com or support immediately of leaked keys, suspicious sending, compromise, or unauthorized account access.

• Credential stuffing, password spraying, brute force, enumeration, probing, scanning, stress testing, DDoS, or load testing without written approval
• Exploiting vulnerabilities, attempting unauthorized access, bypassing authentication, bypassing metering, bypassing rate limits, or interfering with other customers or the platform
• Operating open relays, sharing credentials publicly, allowing unauthorized third-party sending, scraping the Dashboard/API except through documented APIs, reverse engineering, or circumventing security controls
• Using Sendarix to test spam filters, evasion tactics, phishing kits, malware delivery, blocklist avoidance, or deliverability of abusive campaigns

---

12. Agencies, resellers, affiliates, and third-party senders

You may not resell, sublicense, pool, white-label, or provide access to Sendarix as a hidden sending backend for third parties unless Sendarix expressly approves that model in writing.

If you send on behalf of clients, customers, affiliates, agencies, or other third parties, you are fully responsible for their traffic, lists, content, domains, compliance, metrics, and abuse. You must bind them to rules at least as protective as this AUP.

Sendarix may require disclosure of the true sender, client, campaign owner, domains, list source, business identity, and use case. Abuse by a client, affiliate, reseller, contractor, or subuser is treated as abuse by you.

---

13. Monitoring, investigation, and evidence

Sendarix may monitor and analyze metadata, headers, authentication results, delivery events, bounce/complaint data, URLs, domains, attachments, content samples, templates, webhooks, API behavior, account activity, security events, and traffic patterns using automated and manual review where appropriate.

Sendarix may inspect, copy, retain, or preserve message samples, abuse evidence, security evidence, and related records where needed for security, abuse prevention, deliverability protection, support, compliance, legal requests, enforcement, dispute resolution, or defense of legal claims, including beyond the standard operational log retention period described in the Privacy Policy and DPA.

Sendarix may request proof of Permission, list source, campaign purpose, business identity, authorization to use domains or brands, template samples, privacy notices, unsubscribe flow, suppression practices, and customer/client identity. Failure to provide requested information may result in enforcement.

Where permitted or required by law and consistent with the Privacy Policy and DPA, Sendarix may share relevant abuse indicators with mailbox providers, blocklist operators, infrastructure providers, affected brands, law enforcement, regulators, or other parties involved in preventing or investigating abuse.

---

14. Enforcement and consequences

Sendarix may act with or without prior notice depending on severity, risk, legal requirements, infrastructure impact, or provider requirements. Remedies are cumulative and do not limit Sendarix’s rights under the Terms, law, or equity.

• Reject, block, defer, quarantine, delete, or refuse messages
• Throttle, rate-limit, cap, sandbox, pause, reroute, or restrict sending
• Disable API keys, SMTP credentials, domains, tracking links/domains, webhooks, templates, accounts, subusers, or features
• Require remediation, re-verification, list cleaning, suppression cleanup, domain changes, proof of Permission, reduced volume, new Warmup, or written assurances
• Suspend or terminate accounts or services; remove access to dedicated or shared IPs or sending pools; refuse future service
• Preserve evidence and report abuse indicators to providers, blocklists, authorities, affected brands, or affected third parties where appropriate
• Charge investigation or remediation costs where allowed by the Terms or law
• Deny refunds, credits, unused balances, unused subscriptions, or unused credits where enforcement relates to breach, abuse, risk, illegal conduct, chargeback/fraud, or AUP violation, to the maximum extent permitted by law

---

15. Appeals and remediation

You may contact support or abuse@sendarix.com to request review of an enforcement action. Sendarix is not required to reinstate service or disclose detection methods, thresholds, provider reports, confidential evidence, or third-party reports.

Reinstatement may require remediation, proof of compliance, list removal, suppression cleanup, domain authentication, new Warmup, reduced volume, business verification, template changes, security fixes, or written assurances acceptable to Sendarix.

Severe abuse, illegal conduct, repeated violations, payment or fraud risk, compromised infrastructure, or high risk may result in permanent termination without appeal.

---

16. Reporting abuse

Report abuse to abuse@sendarix.com. Where safe and available, include full message headers, message body or sample, recipient address if relevant, sending domain/IP, timestamps and timezone, URLs, screenshots, and an explanation of why the message is abusive.

We investigate credible reports, but we may not be able to disclose investigation status, enforcement actions, customer details, provider details, or outcomes.

---

17. Relationship to Terms, Privacy Policy, and DPA

This AUP is part of the Terms of Service. Sendarix’s monitoring and enforcement practices are further described in the Privacy Policy. Where Customer personal data is processed by Sendarix as processor, the DPA applies.

You remain responsible for Recipient privacy notices, consents, lawful basis, opt-outs, suppression handling, and legal compliance. If there is a conflict about prohibited sending or abuse, this AUP controls for that subject matter unless a signed agreement expressly states otherwise.

---

18. Changes

Sendarix may update this AUP by posting a revised version on www.sendarix.com, in the Dashboard, or by giving notice where practicable. Changes may take effect immediately for security, abuse, legal, deliverability, provider, or infrastructure reasons.

Continued use after the effective date constitutes acceptance where permitted by law. If you do not agree, you must stop using the Service.

---

19. Contact

Abuse: abuse@sendarix.com
Legal: legal@sendarix.com
Privacy: privacy@sendarix.com
Dashboard: app.sendarix.com for account, support, and billing controls where available.