Get started
Legal

Anti-Spam Policy

Mailapp's sender reputation is the asset that makes the platform work. We take spam personally. This page sets the rules. They are not aspirational — every paragraph corresponds to a check our platform enforces automatically.

Effective · May 27, 2026
Last updated · May 27, 2026
Plain-language summary · Always at top of each section
0

The 60-second version

In plain English

No buying lists. No deceptive subject lines. Send only to people who asked for it. Authenticate every sending domain (SPF, DKIM, DMARC). Honour every unsubscribe within seconds. Keep complaint rates below 0.3%. Or we suspend.

  • You must have permission for every recipient.
  • You must identify yourself, including a postal address.
  • You must give an immediate, working unsubscribe.
  • Your sending domains must pass SPF, DKIM (2048-bit), and DMARC alignment.
  • Complaint rate above 0.3% triggers automatic review; above 0.5% triggers suspension.
1

What we consider spam

In plain English

Anything unsolicited, deceptive, or unwanted by the recipient — even if you didn't intend to spam.

For the purposes of this policy, "spam" includes any of the following, whether or not your jurisdiction has a specific anti-spam law:

  • Sending commercial email to recipients who have not given permission;
  • Sending to email addresses harvested, scraped, purchased, rented, traded, or otherwise acquired without direct consent;
  • Sending to role addresses (info@, sales@, admin@) en masse without prior business relationship;
  • Continuing to send to a recipient after they have unsubscribed or complained;
  • Sending content that misrepresents the sender, subject, intent, or origin of the message;
  • Hiding or omitting the sender's postal identity;
  • Using a Mailapp account to send through an external relay or test mailing-list resilience.
2

Permission and consent standards

In plain English

GDPR and CASL effectively require opt-in. CAN-SPAM tolerates opt-out — Mailapp does not. We require demonstrable consent or a clear business relationship for everyone.

Acceptable bases for sending

  • Express opt-in. The recipient submitted a form or checked a box opting in to your marketing emails. We log the source, IP, timestamp, and form URL.
  • Double opt-in (required for EU/UK/Brazil/Canada). The recipient confirmed their address by clicking a verification link.
  • Existing customer relationship. The recipient bought from you within the last 24 months and you provided a clear notice at the point of sale.
  • Soft opt-in (UK PECR). Recipient provided their email during a negotiation for a similar product, with a clear opt-out at every touchpoint.

Not acceptable

  • Lists purchased, rented, or scraped.
  • Lists acquired in an M&A transaction unless the recipients gave consent specifically transferable to the acquirer.
  • Public-domain or LinkedIn-scraped email addresses.
  • Conference attendee lists obtained without a notice that emails would be sent by you.
3

Content rules

In plain English

Identify yourself honestly. Use accurate subject lines. Make unsubscribing obvious.

  • Include the sender's legal business name and a valid postal address (CAN-SPAM, CASL, GDPR).
  • Subject lines and pre-headers must accurately reflect the content of the email.
  • Mark commercial communications as advertisements where required by local law (e.g., "Ad" tag for unsolicited commercial email in certain jurisdictions).
  • Provide a working, clearly-visible unsubscribe mechanism in every commercial email. Mailapp also adds one-click List-Unsubscribe headers (RFC 8058) automatically.
  • Unsubscribe must take effect within ten business days of the request (CAN-SPAM); Mailapp processes most within 5 seconds.
  • You must not require login, payment, or completion of a form to unsubscribe.
4

Authentication

In plain English

Email authentication is not optional. Mailapp requires SPF, DKIM, and DMARC alignment for every sending domain.

  • SPF record on every sending domain.
  • DKIM with RSA 2048-bit keys, rotated annually.
  • DMARC at policy p=quarantine or stricter for high-volume senders (Yahoo/Google 2024 requirement).
  • BIMI recommended where eligible (Verified Mark Certificate).
  • Mailapp signs every outbound message and refuses to send from a domain that fails alignment.
5

List hygiene

In plain English

Bounces, complaints, and old addresses are deplatforming risk. Mailapp scrubs automatically; you must not undo the scrubs.

  • Hard bounces are automatically added to your suppression list; you must not re-add them.
  • Soft bounces are retried; after a threshold, they convert to hard bounces and are suppressed.
  • Spam complaints are immediately suppressed.
  • Recipients who haven't engaged in 12+ months should be flagged for re-engagement or removal (we'll surface them automatically).
  • Suppression lists are global per workspace and cannot be exported with raw addresses for use outside Mailapp.
6

Platform thresholds

In plain English

Hard numbers. Hit them and we'll throttle, review, or suspend. These are the same numbers Gmail/Yahoo use, plus our own internal cushion.

Metric
Healthy
Review
Suspension
Spam complaint rate (Postmaster Tools)
< 0.10%
0.10%–0.29%
≥ 0.30% sustained
Hard bounce rate (rolling 30d)
< 2.0%
2.0%–4.9%
≥ 5.0%
Unsubscribe rate
< 0.5%
0.5%–1.5%
Manual review
Authentication failures
0%
Any consistent failure
Domain disabled
Sender domain age (new domain)
Warmed
Volume spikes 10x baseline
Capped while warming
7

Global compliance

In plain English

Mailapp helps you with multiple jurisdictions — but you remain the sender, so you remain responsible.

Jurisdiction
Law / framework
Key requirements
United States
CAN-SPAM Act
Accurate identification, no deceptive subject, postal address, working opt-out within 10 days.
European Union / EEA
GDPR + ePrivacy Directive (and Member State law)
Consent or legitimate interest, granular opt-in for B2C, easy opt-out, legal basis logging.
United Kingdom
UK GDPR + PECR
Soft opt-in allowed for existing-customer marketing of similar products.
Canada
CASL
Express consent (with exceptions), full sender identification, unsubscribe within 10 days.
Australia
Spam Act 2003
Consent (express or inferred), identification, functional unsubscribe within 5 days.
Brazil
LGPD + Marco Civil
Express consent for marketing, easy revocation, sensitive-data limits.
California
CCPA / CPRA
Opt-out of sale/share (already 'no' for Mailapp), accessible privacy notice.
Japan
Act on Specified Commercial Transactions
Express opt-in for commercial email, identification.
Singapore
PDPA + Spam Control Act
Opt-out mechanism, accurate header, unsolicited bulk restrictions.
8

How we enforce

In plain English

Detection is automated and continuous. Enforcement is graduated except for the worst behaviour, where it is immediate.

  • Mailapp continuously monitors complaint rates, bounce rates, authentication, content patterns, and reputation signals from major receivers.
  • Crossing a threshold triggers an automated review, a human review, throttling, suspension, or termination — proportional to severity and history.
  • Phishing, malware, or fraud sent through Mailapp is suspended on detection and reported to relevant authorities.
  • If you operate at the edge of these rules, your CSM can pre-approve campaigns and warm-up plans.
9

Report spam sent via Mailapp

In plain English

If you received a Mailapp-routed email you didn't ask for, we want to know.

Forward the email with full headers to hello@mailapp.app. We investigate every report within 24 hours. If the report is valid, we'll suspend the sender and add the recipient to a global suppression list so they cannot be re-added.

Questions about this document?

Our legal and privacy team responds within two business days.

hello@mailapp.app
Need a signed copy?

DPAs, BAAs, and SCCs are available without negotiation on every paid plan.

Request signed document
Exercise your rights

Access, export, correct, or delete your personal data — at any time, free of charge.

Submit a request