AlecRae

Legal

Acceptable Use Policy

Effective Date: April 1, 2026 | Last Updated: April 1, 2026

Violations of this policy may result in immediate account suspension or termination without refund. AlecRae actively monitors all sending activity using AI-based automated enforcement systems.

1. Purpose

This Acceptable Use Policy ("AUP") governs acceptable use of the AlecRae platform and all associated services. This AUP supplements our Terms of Service and applies to all users, including those using the API or SDK. AlecRae's mission is to maintain the highest deliverability and reputation standards for all customers. Violations by any single user can damage the platform's shared infrastructure and reputation, impacting all users.

AlecRae reserves the right to determine, in its sole discretion, whether any use violates this AUP and to take action accordingly, including suspension or termination of the offending account.

2. Prohibited Content

You must not use the Service to send, store, or distribute any of the following:

(a) Spam. Unsolicited bulk email or unsolicited commercial email sent to recipients who have not provided affirmative consent.
(b) Phishing and Spoofing. Emails designed to fraudulently obtain personal information, credentials, or financial data through deception. Emails that impersonate another person, organization, or service.
(c) Malware. Emails containing viruses, trojans, ransomware, spyware, worms, or any other malicious software, or links to sites distributing such software.
(d) Illegal Content. Content that violates any applicable law, including but not limited to content promoting illegal activities, drug trafficking, weapons trafficking, or human trafficking.
(e) Harassment. Threats, intimidation, stalking, hate speech, or content intended to harass, abuse, or harm any individual or group.
(f) Fraud. Advance-fee scams, lottery/prize scams, investment fraud, identity theft schemes, or any content designed to deceive recipients for financial gain.
(g) Impersonation. Falsely representing yourself as another individual, company, or organization, including AlecRae or its employees.
(h) Child Safety Violations. Any content that exploits, endangers, or sexualizes minors, or that distributes adult content to individuals under 18.
(i) Pyramid and MLM Schemes. Content promoting pyramid schemes, multi-level marketing schemes with primary emphasis on recruitment, or Ponzi schemes.
(j) Counterfeit Goods. Marketing or selling counterfeit, pirated, or stolen goods or services.

3. Prohibited Sending Practices

The following sending practices are strictly prohibited:

(a) Using purchased, rented, borrowed, scraped, harvested, or appended email lists. All recipients must have provided consent directly to you.
(b) Dictionary attacks — sending to programmatically generated email addresses to discover valid addresses.
(c) Snowshoe spamming — distributing sending volume across many IPs, domains, or accounts to evade detection and reputation systems.
(d) Using deceptive, misleading, or false information in email headers, From addresses, Reply-To addresses, or subject lines.
(e) Sending commercial or marketing email without a clearly visible, functional, and easy-to-use unsubscribe mechanism.
(f) Appending email addresses to mailing lists without the explicit, verifiable consent of each individual address owner.
(g) Using open relays, open proxies, or compromised third-party systems to send email through the Service.
(h) Sending to role-based addresses (e.g., info@, admin@, webmaster@) for marketing purposes without explicit consent from a named individual.
(i) Creating multiple accounts or using multiple domains to circumvent sending quotas, rate limits, or enforcement actions.
(j) Deliberately sending to known invalid addresses to test or probe the platform's bounce handling.

4. Anti-Spam Compliance

You must comply with all applicable anti-spam legislation in every jurisdiction where your recipients are located. At a minimum:

CAN-SPAM Act (United States):

Include a valid physical postal address in every commercial email.
Clearly identify the message as an advertisement or solicitation where required.
Use honest, non-deceptive subject lines that reflect the content of the message.
Include a clear and conspicuous opt-out mechanism that processes requests within 10 business days.
Monitor and be responsible for sending performed by any third party on your behalf.

GDPR (European Union / EEA / UK):

Obtain explicit, freely given, specific, informed, and unambiguous consent before sending marketing email to individuals in the EEA/UK.
Maintain auditable records of consent, including when, how, and what the individual consented to.
Provide a mechanism for easy withdrawal of consent that is as simple as the mechanism used to provide consent.
Honor data subject rights including access, rectification, erasure, and portability.

CASL (Canada):

Obtain express consent (with proper disclosure of sender identity and purpose) before sending commercial electronic messages to Canadian recipients.
Include prescribed identification information and a functional unsubscribe mechanism.
Understand and comply with implied consent limitations and expiration periods (6 months for inquiries, 24 months for existing business relationships).

Recommended Best Practice:

Use confirmed opt-in (double opt-in) for all mailing lists. While not legally required in all jurisdictions, confirmed opt-in provides the strongest evidence of consent and significantly reduces spam complaints and deliverability issues.

5. Authentication Requirements

All sending domains must maintain proper email authentication. Failure to maintain authentication may result in immediate suspension of sending privileges.

(a) SPF. You MUST publish a valid SPF record for every domain used to send email through the Service that authorizes AlecRae's sending infrastructure.
(b) DKIM. All outbound email MUST be signed with a valid DKIM signature using keys provisioned by the Service.
(c) DMARC. You MUST publish a DMARC policy for every sending domain (minimum p=none for initial setup, with a path toward p=quarantine or p=reject).
(d) Domain Verification. You MUST use only verified sending domains. Sending from unverified domains is prohibited.
(e) Reverse DNS. Sending IPs must have valid reverse DNS (PTR) records. AlecRae manages this for shared IPs; dedicated IP customers must verify reverse DNS configuration.
(f) Automated Configuration. AlecRae provides automated authentication configuration. If you opt out of automated configuration, you assume full responsibility for maintaining valid records.

6. List Hygiene Requirements

Maintaining clean mailing lists is essential for platform deliverability. You must:

(a) Remove hard-bounced email addresses immediately after the first hard bounce. Continued sending to hard-bounced addresses is grounds for suspension.
(b) Remove soft-bounced email addresses after three (3) consecutive soft bounce failures within a 30-day period.
(c) Process and honor unsubscribe requests within 24 hours for automated systems, or within 10 business days for manual processing. AlecRae provides automated unsubscribe handling — use it.
(d) Maintain a global suppression list that includes all unsubscribed, bounced, and complained addresses. Never re-add suppressed addresses without fresh, verifiable consent.
(e) Conduct regular list cleaning at minimum quarterly intervals, removing inactive subscribers and invalid addresses.
(f) Implement engagement-based sunsetting: remove recipients who have not opened or clicked any email in 12 months, or conduct a re-permission campaign before continuing to send.
(g) Never re-activate suppressed email addresses without obtaining new, verifiable, explicit consent from the address owner.

7. Rate Limiting and Throttling

(a) You must respect all platform-imposed sending limits as defined by your subscription plan and any additional limits applied by the platform.
(b) You must not circumvent rate limits or throttling through any means, including distributing sends across multiple accounts, using multiple API keys, or manipulating request timing.
(c) Domain-based and IP-based sending limits may be applied independently of account-level limits to protect shared infrastructure reputation.
(d) Burst sending (sending a high volume in a very short period) may be automatically throttled to protect deliverability.
(e) New accounts and newly verified domains are subject to warm-up sending limits that gradually increase over time. Do not attempt to bypass warm-up limits.

8. Network Security

You must not use the Service to conduct or facilitate any of the following:

(a) Port scanning, network enumeration, or network reconnaissance of AlecRae infrastructure or any third-party systems.
(b) Vulnerability testing, penetration testing, or security testing of the Service without prior written authorization from AlecRae. Report vulnerabilities responsibly to security@alecrae.com.
(c) Distributed denial of service (DDoS) attacks, traffic flooding, or any activity intended to disrupt the availability of the Service or any third-party service.
(d) IP address spoofing, ARP spoofing, or DNS spoofing.
(e) Unauthorized interception, monitoring, or collection of network traffic.
(f) Exploitation of any vulnerability in the Service. If you discover a vulnerability, you must report it immediately to security@alecrae.com and must not exploit or disclose it.

9. AI System Integrity

Attacks on our AI systems threaten the security of all users. Violations of this section may result in immediate termination and referral to law enforcement.

(a) You must not conduct adversarial attacks against spam classifiers, phishing detectors, or any other AI-based security system, including crafting content specifically designed to evade detection.
(b) You must not attempt to poison, corrupt, or manipulate AI training data by sending content designed to influence model behavior.
(c) You must not reverse engineer, extract, distill, or otherwise attempt to derive the architecture, weights, training data, or decision boundaries of any AI model used by the Service.
(d) You must not use AI composition features to generate phishing emails, social engineering content, fraudulent communications, or any deceptive content.
(e) You must not conduct automated probing, enumeration, or testing to determine AI classification thresholds, confidence scores, or decision boundaries.
(f) You must not exploit AI features to bypass content policies, rate limits, or any other platform restrictions.

10. Monitoring and Enforcement

AlecRae actively monitors all email traffic for compliance with this AUP. By using the Service, you acknowledge and consent to this monitoring.

(a) Automated Monitoring. AI-based systems continuously analyze outbound email for content policy violations, sending pattern anomalies, bounce rate spikes, complaint rate increases, and authentication failures.
(b) Graduated Enforcement. For most violations, AlecRae follows a graduated enforcement process:

Step 1: Written warning with 48-hour remediation window.

Step 2: Sending volume throttled to 50% of plan limits.

Step 3: Sending suspended pending review and remediation plan.

Step 4: Account terminated.

(c) Immediate Termination. AlecRae reserves the right to bypass the graduated process and immediately terminate accounts engaged in phishing, malware distribution, fraud, child exploitation, or any activity posing an immediate threat to platform infrastructure or users.
(d) Discretion. AlecRae reserves the right to skip steps in the graduated process based on the severity, intent, and impact of the violation.

11. Bounce and Complaint Thresholds

You must maintain sending metrics within the following thresholds:

Hard Bounce Rate

Below 2%

Complaint Rate

Below 0.1%

Spam Trap Hits

Zero Tolerance

Unsubscribe Rate

Monitor if above 1%

(a) Exceeding any threshold triggers automatic throttling of your sending volume.
(b) Persistent violations (three or more incidents within a 30-day period) result in account suspension pending review.
(c) Spam trap hits indicate fundamental list quality issues. Any spam trap hit will be investigated and may result in immediate suspension.
(d) You are responsible for monitoring your own metrics via the analytics dashboard and taking corrective action before thresholds are reached.

12. Reporting Abuse

To report violations of this AUP or any abuse originating from the AlecRae platform:

Email: abuse@alecrae.com

Include: full email headers, message content, timestamps, and any other relevant evidence.

AlecRae will investigate all reports within 24 hours of receipt. Reporter identity is kept confidential. AlecRae participates in feedback loops (FBLs) with all major ISPs and processes complaints automatically.

13. Consequences of Violation

(a) Immediate suspension or termination of sending privileges and/or account access.
(b) No refund of prepaid fees for accounts terminated due to AUP violations.
(c) Data retained for 30 days post-termination for legal and compliance purposes, then permanently deleted.
(d) AlecRae reserves the right to report violations to law enforcement, regulatory authorities, and industry anti-abuse organizations including MAAWG (Messaging, Malware, and Mobile Anti-Abuse Working Group), Spamhaus, and relevant ISP abuse teams.
(e) Domains and IPs associated with terminated accounts may be permanently blocklisted from the platform.
(f) AlecRae may seek damages and injunctive relief for violations that cause harm to the platform, its infrastructure, or its users.

14. ISP-Specific Requirements

In addition to general anti-spam compliance, you must comply with the sender requirements published by major mailbox providers:

(a) Google. Comply with Google's Email Sender Guidelines, including bulk sender requirements for senders of 5,000+ messages per day to Gmail (one-click unsubscribe, DMARC authentication, low spam rate).
(b) Yahoo/AOL. Comply with Yahoo Sender Best Practices and AOL Postmaster guidelines, including authentication and complaint rate requirements.
(c) Microsoft. Comply with Microsoft's Outlook.com Postmaster guidelines and participate in SNDS (Smart Network Data Services) and JMRP (Junk Mail Reporting Program) where applicable.
(d) List-Unsubscribe. All marketing and bulk email MUST include both List-Unsubscribe and List-Unsubscribe-Post headers per RFC 8058, supporting one-click unsubscribe.

15. Cooperation and Accountability

(a) You must cooperate fully with any AlecRae investigation into potential AUP violations, including providing information about your sending practices, list sources, and consent records within 48 hours of request.
(b) You must respond to abuse complaints forwarded by AlecRae within 48 hours and take corrective action as directed.
(c) You must implement corrective measures recommended or required by AlecRae within the specified timeframe.
(d) Failure to cooperate with investigations or implement corrective measures constitutes an independent ground for immediate account termination.
(e) You acknowledge that your sending practices affect the deliverability and reputation of all AlecRae users on shared infrastructure, and you accept responsibility for maintaining sending practices that protect the platform community.

Questions about this Acceptable Use Policy should be directed to abuse@alecrae.com or legal@alecrae.com. This policy is reviewed and updated regularly to address evolving threats and regulatory requirements.