Maropost – Acceptable Use Policy

Effective Date: June 15, 2021

At Maropost, we want our customers to only send emails to contacts who truly want to receive them, otherwise, they’re sending spam. That’s why we require you to have permission from all of your contacts in order to email them. There are a few rules to be aware of when it comes to the types of email addresses you can are able to send emails to and the types of permission you are granted for sending to them. This Acceptable Use Policy (“AUP”) describes activities that are not allowed in connection with your use of the Services. The AUP is incorporated by reference in your Agreement.

Email
Overview
Maropost and its partners only support permission-based and lawful email/mobile marketing practices that comply with but are not limited to regulations such as Canadian Anti-Spam Laws (“CASL”), United States Controlling the Assault of Non-Solicited Pornography and Marketing or (“CAN-SPAM“) Act, United States Telephone Consumer Protection Act (TCPA), or privacy regulations like General Data Protection Regulation (GDPR).

Closed-Loop Authentication List Building
Maropost products enable clients to put an ‘opt-in’ form on their website. This feature collects and stores the email addresses of permission-based recipients. All Maropost products also have an option to use closed-loop authentication: an email address is not added to the recipient list until a link is clicked in the confirmation email. This process is implemented completely by the software.

Contact List Abuse Prevention
Maropost technology automatically screens email campaigns for indicators of potential problems such as blacklisting and high spam scores. Any Maropost account email campaign that surpasses a threshold is automatically suspended until the Postmaster reviews and clears it.

To protect Maropost’s reputation, and that of its clients, Maropost offers to help new customers upload their first large email distribution list. This service allows Maropost to view the contents of an email distribution list, with the customer’s permission. In addition, Maropost helps first time customers run a sample email campaign to a few select recipients from their list before sending it to the rest.

Software Control Tools
Maropost provides its customers with certain tools to assist in compliance with Email and Privacy regulations. For example, Maropost products independently add an unsubscribe option to each email sent. Unsubscribes can be requested via a link in each email that goes to a landing page where users can unsubscribe from all or some lists.

This option cannot be removed by the customer; however, they can choose how it will be phrased. Anyone who unsubscribes will be automatically flagged in the database and their email address will be suppressed from all future mailings. Unsubscribe status can not be overwritten by list merging. To further protect recipients from email abuse, contacts receiving emails sent using the Maropost products will only see their names in the ‘To’ field. No other recipients’ email addresses are visible.

Email Sending Practices
Maropost honors ISP and Mailbox providers policies (restrictions on the number of connections, speed of sending servers, open relay off, reverse DNS enabled, RFC compliance). Authentication standards, such as sender policy framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) are used for outgoing email campaigns. Maropost products distinguish between soft and hard bounces. Hard bounces (bad email addresses) are immediately flagged and suppressed from future mailings.

Suppression File Encryption
Maropost supports suppression file encryption. Suppression file abuse is a significant source of spam. The simple act of encrypting these files makes this sort of abuse more difficult. The Email Sender and Provider Coalition (ESPC) has implemented a membership requirement that members should support MD5 suppression file encryption. It is our hope that adoption of this standard will not only help reduce spam but also drive broader encryption adoption within the industry. You can read more by clicking here.

Dealing with Complaints
As customers use Maropost systems, the number of complaints they receive is tracked by an internal reputation and tracking system. Customers with a high number of complaints may be subject to list upload restrictions. Larger lists are uploaded not by the customer, but by Maropost upon the customer’s instruction, and may be subject to manual scrutiny.

When a complaint is received the following process is followed:

User addresses from complaints received via ISP or Mailbox providers Feedback Loops (FBLs) are automatically unsubscribed. Complaints received directly from end-users or via third-party sources like SpamCop, are reviewed by our Postmaster team and the account is subject to suspension. The user address is unsubscribed (manually added to the account’s Do Not Mail list) and we track such reports. We may ask our customers to provide proof of consent in such cases. We may also ask our customers to reconfirm their lists, as needed.

Maropost reserves the right to assess a fee against clients of up to, the greater of $1,000 and 10% of their monthly fees, for each account suspension caused by the client delivering emails that are reasonably deemed unacceptably spam or bounce heavy by Maropost, including, without limitation, due to complaints arising from Blocklists like Spamhaus, SURBL listings, mailbox providers or similar organizations, services or lists. These fees are cumulative if issues continue. These fees, which represent liquidated damages and not a penalty or fine, will be chargeable upon each incident of spam complaint or reasonable apprehension of spam heavy content. In addition to the above, and without prejudice to Maropost’s entitlement to fees owing under a subscription agreement, Maropost may, at its sole discretion, terminate the customer accounts of repeat, or otherwise egregious, offenders hereunder.

End users should only receive emails from our system sent on behalf of our customers that they recognize opting in to. We do not allow any customer to use our platform to send unsolicited emails.

If you have received an unsolicited email from one of Maropost’s customers, please contact abuse@maropost.com.

Acceptable Guidelines for Customers
Below are some guidelines around list collection, identification, unsubscribe, and content requirements that need to be followed by all Maropost customers.

Consent
Maropost requires its customers to ensure they have proper opt-in permission (explicit, express, or implied) for each recipient in their list. Customers are also required to produce proof of opt-in or prior relationship upon request within 72 hours of receipt of a request by the recipient or Maropost. You must use reasonable means to ensure that the person giving consent is the owner of the e-mail address for which the consent is given. Customers are encouraged to ensure they are emailing end users only for the purposes for which their consent has been collected. For example: If bob@example.com has consented to receive a one-time product update from Brand A, their email address should not be used to send Brand A’s general periodic email newsletter.

Explicit or Express Consent
Recipients must express their choice to receive one or more types of emails. Note that consent must be collected using an opt-in mechanism and not an opt-out mechanism. The recipient must take positive action to indicate their consent. Note that express consent may be collected both orally or in writing.

Co-registration on a partner’s website may be acceptable so long as there are separate opt-in options for each list and the recipient is presented with options and choices in a clear and conspicuous manner. For example, recipient choice to consent to one email list should not be construed as consent to receive email from multiple partner lists.

Below are some common sources of collecting express consent:

  • Online webform
  • Offline form, paper ballot
  • Call center

Implied consent
Recipients must have had a prior business or non-business relationship, in most cases within the last two (2) years. There are some other forms of implied consent as well like:

  • The recipient has provided an email address without indicating a wish to receive unsolicited emails and the emails are relevant to the person’s business or official capacity.
  • For example, you may get implicit permission through:
    • The exchange of business cards.
    • A verbal request.
    • A fishbowl collection where no consent to email is asked.
    • The sale of a product or service.
    • An inquiry about a product or service.
    • A donation to your nonprofit organization.
    • Membership to your organization.

Below forms of acquiring email addresses may not provide adequate consent (not an exhaustive list):

  • Email addresses obtained from a third party: Any purchased, rented, or appended list of email addresses from any source, no matter what the source claims.
  • Any shared list of email addresses that haven’t given you direct permission to email, such as:
    • an affiliated company contact list.
    • a trade show attendee list.
  • Address harvesting, Dictionary attacks: These are ways of fraudulently collecting email addresses using various software tools like bots, scrapers, etc., or by attempting to guess email addresses using common usernames at a particular domain.
  • Correcting typos – Creating new email addresses by correcting common typos in either local part or domain part of email addresses.
  • Any collected email addresses obtained by surfing the internet or “scraping” web pages.
  • Role account type email addresses are typically risky in terms of proving consent because users of such addresses change frequently. Role account-based email addresses like:
  • Distribution lists – Since these types of addresses forward email to multiple persons, it is usually very onerous to collect consent from all recipients. Distribution list addresses like:
    • a voter registration list.
    • public directories.
    • membership association contacts.
    • chamber of commerce.
  • Any addresses obtained through social media connections where the contact has not explicitly requested mailings. This includes:
    • Facebook friends.
    • LinkedIn connections.
    • Twitter followers.
    • Instagram followers.
  • Addresses collected using opt-in pages that may be deceptive/ misleading, this includes but is not limited to, misleading users about the products/ services advertised.

Unsubscribe
Every email sent using the Maropost platform must include a clear, conspicuous unsubscribe mechanism that is simple and easy to use. Maropost automatically includes such functionality in the footer of every email.

However, if customers wish to add additional unsubscribe links in the content, Maropost provides the option of using several ‘campaign tags’ to add an unsubscribe link in outgoing emails. Such unsubscribe requests are captured by Maropost software and relevant user addresses are automatically removed from the applicable mailing lists. Customers are responsible for choosing a ‘campaign tag’ that is optimized for their campaign type and recipient selection method. Customers are also responsible to make sure it is coded correctly within their email content.

In case customers use some other unsubscribe link, a plan should be in place to make sure users opting out using such means are marked as unsubscribed in Maropost.

We understand that this may not be entirely feasible, so we discourage customers from using non-Maropost unsubscribe links. Using unsubscribe links belonging to third-party advertisers is very risky because the user never opted into the advertiser and it is challenging to make sure all such users are properly unsubscribed in Maropost.

Maropost also advises customers to ensure singular opt-in does not have multiple opt-outs. Example: If the end user is subscribing to List A, then the sender should not auto-subscribe user address to List B, List C and List D. In case the sender does that, they should ensure that unsubscribe action in any email actually opts the user out of all applicable lists (A, B, C, D).

Snowshoe Spamming or Waterfalling
Snowshoe spamming is an abusive sending technique used in an attempt to avoid email filters. Named for the similarity to how a snowshoe distributes the load of a traveler across a wide area of snow, snowshoe spamming spreads spam across many IPs and domains in order to dilute reputation metrics and evade filters. Furthermore, the practice of switching domains is considered against best practices and your sending reputation will be negatively affected and generally unrecoverable.

It is at the sole discretion of Maropost to determine if the use of multiple IPs or domains are being used for such a practice. If it is determined that Snowshoeing is occurring, Maropost at its sole discretion may suspend or terminate your account.

Waterfalling is an abusive technique wherein a list owner “waterfall” the same illicitly obtained address list through a series of (usually) unknowing, innocent ESPs. Each time they clean out bounces, complainants, and maybe non-respondents, with the end goal being to send the final result through a good ESP with solid deliverability.

The result of this process damages the reputation of each ESP involved, as well as being a violation of ethics, counter to best practices and against our policy.

It is at the sole discretion of Maropost to determine if Waterfalling is being used. If it is determined that Waterfalling is occurring, Maropost at its sole discretion may suspend or terminate your account.

Identification
Maropost requires its customers to accurately identify themselves in emails sent out of their account:

  • You must have a Privacy Policy posted for each domain associated with the mailing
  • Your Privacy Policy must clearly notify recipients if you intended to share their email addresses with third parties OR in accordance with applicable privacy and email regulations obtain the proper permissions to do such.
  • We require senders to have friendly From addresses’ that are accurate, relevant, and consistent on all senders’ messages since emails not matching those best common practices are more highly likely to be marked as spam. This needs to accurately identify the sender of the message (Senders need to introduce themselves to the recipients with relevant, accurate, and consistent name on all their messages).
  • The “Display Name” field must identify the sender of an email that the recipient has opted into. It can be a person, a company, a department, etc., but may not be used as a secondary Subject line. It must be recognizable to the recipient.
  • Subject lines: These need to accurately reflect the purpose of the email.
  • Identification requirements: The sender of the message needs to be clearly identified in the message. In case the message is being sent on someone’s behalf (advertiser), both parties need to be clearly identified in the message.
  • Contact information: Mailing address and either of the following contact information pertaining to the sender needs to be mentioned in the message: telephone number, email address, web address.
  • Statement: In case the message is being sent on behalf of someone else (advertiser), a statement indicating which person is sending the message and which person on whose behalf the message is being sent needs to be mentioned in the message.

Content
We prohibit customers from sending certain types of content (not an exhaustive list):

  • Emails offering illegal goods or services.
  • Emails that violate the CAN-SPAM act or other anti-spam laws
  • Pornography/sexually explicit content
  • Escort services, mail-order bride/spouse finders, international marriage brokers, and other similar sites and services
  • Hookup, swinger, or sexual encounter sites or services
  • Dating services
  • Promoting or supporting terrorism or violent extremism
  • Counterfeit products or products that infringe the intellectual property rights of others, including trademark, copyright, design or patent rights
  • Pharmaceutical products
  • Products claiming to prevent, treat, or cure COVID-19 that are not approved or authorized for emergency use by regulatory or public health agencies, such as the FDA in the U.S.
  • Products that are in demand due to COVID-19 with excessive pricing, price gouging, or deceptive pricing practices or in demand due to COVID-19 and prohibited by applicable law
  • Emails that have false or misleading representation in the email, including subject lines.
  • Emails containing URLs that link to pages that spoof known brands and ask users to download suspicious content.
  • Work from home, internet ‘get rich’ schemes, lead generation opportunities.
  • Network marketing, pyramid schemes, and multi-level marketing.
  • Credit repair and get out of debt opportunities.
  • No online trading, day trading tips, penny stocks, Exchange of currencies, fraudulent shares or stock market related content
  • Cryptocurrencies and virtual currencies.
  • Real-money gambling.
  • Payday loans
  • Multi-level marketing
  • Affiliate marketing
  • Credit repair and get out of debt opportunities
  • List brokers or list rental services
  • Selling “Likes” or followers for a social media platform

With regards to the From: domains; we require customers to ensure they maintain proper DNS entries – A (IP address), TXT (for SPF, DKIM, and DMARC authentication records). Customers also need to ensure they have proper MX records for the Reply-to domain.

From address must be a registered domain and clearly identify the sender. Customer must own or have permission to utilize the From Domain and the domain must have a functional “live” site that ties back to the Customer.

If from or reply address is unmonitored, it must have an autoresponder detailing that it is unmonitored, as well as alternative ways to contact the Customer. A monitored email address must be one of those included forms of communication.

It is also prohibited to use any form of Private WHOIS registration.

ISPs assign a fair bit of reputation to From: domains and we discourage customers from rotating these domains frequently because ISPs regard this as an attempt to circumvent filtering. This includes rotating both the domain and the subdomain. Example: Similar mail should not be sent from many domains like ab.example.com, bc.example.com, de.example.com, fg.example.com, hi.example.com, jk.example.com. Instead, all this mail should be sent from example.com.

In case of any questions or concerns, please feel free to email postmaster@maropost.com

Abuse
You may not use the network or Services to engage in, foster, or promote illegal, fraudulent, abusive, or irresponsible behavior, including, but not limited to:

  • Use of an internet account or computer without the owner’s authorization;
  • Unauthorized access to or use of data, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network or to breach security or authentication measures without express authorization of the owner of the system or network;
  • Monitoring data or traffic on any network or system without the express authorization of the owner of the system or network;
  • Introducing intentionally, knowingly or recklessly, any virus or other contaminating code into the Services;
  • Collecting or using information, including email addresses, screen names, or other identifiers, by deceit, (such as phishing, Internet scamming, password robbery, spidering, and harvesting);
  • Distributing software that covertly gathers or transmits information about a user;
  • Distributing advertisement delivery software unless: (i) the user affirmatively consents to the download and installation of such software based on clear and conspicuous notice of the nature of the software, and (ii) the software is easily removable by use of standard tools for such purpose included on major operating systems.
  • Any conduct that is likely to result in retaliation against the network or website, or employees, officers, or other agents, including engaging in behavior that results in any server being the target of a denial-of-service attack (DoS);
  • Interference with service to any user of our network or other networks including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks;
  • Any action which directly or indirectly results in any of our IP space being listed on any abuse database (i.e. Spamhaus);
  • Conducting any gambling activity in violation of any required licenses, codes of practice, or necessary technical standards required under the laws or regulations of any jurisdiction in which your site is hosted or accessed;
  • Send or transmit Malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code

Offensive Content
You may not publish, transmit or store on or via the Services any content or links to any content that we reasonably believe:

  • Constitutes, depicts, fosters, promotes, or relates in any manner to child pornography, bestiality, non-consensual sex acts, or otherwise unlawfully exploits persons under 18 years of age;
  • Publish, transmit or store any content or links to any content that is excessively violent, incites violence, threatens violence, contains harassing content or hate speech, creates a risk to a person’s safety or health, or public safety or health, compromises national security or interferes with an investigation by law enforcement;
  • Is unfair or deceptive under the consumer protection laws of any jurisdiction, including chain letters and pyramid schemes;
  • Is defamatory or violates a person’s privacy; or
  • Is otherwise malicious, fraudulent, morally repugnant.
  • In addition to the above, Maropost, at its sole discretion(s), can disallow any content that we deem inappropriate or otherwise unlawful and may suspend the Services of any account that violates this policy.

No High-Risk Use
You may not use the Services in any situation where failure or fault of the Services could lead to death or serious bodily injury of any person, or physical or environmental damage

Email Validation
Without limiting the application of any other provisions of this AUP, with respect to any of the Services’ email validation features or functionality, you may not:

  • Use the Services to verify the email address(es) of any person who has not affirmatively consented (i.e., opted-in) to, or who has not expressly opted-out from, receiving email communications from you;
  • Use the Services to validate email addresses that were purchased, rented, or similarly obtained from a third party (i.e., third party email lists); or
  • Use the Services to harvest email addresses or otherwise determine the existence of unknown email addresses.

Vulnerability Testing
You may NOT attempt to probe, scan, penetrate or test the vulnerability of the system or network, or to breach security or authentication measures, whether by passive or intrusive techniques.

Excessive Use of Shared System Resources
You may not use any shared system provided by us in a way that unnecessarily interferes with the normal operation of the shared system, or that consumes a disproportionate share of the resources of the system. For example, we may require you to repair coding abnormalities in your application if it unnecessarily conflicts with other customers’ use of the Services. You agree that we may quarantine or delete any data stored on a shared system if the data is infected with a virus, or is otherwise corrupted, and has the potential to infect or corrupt the system or other customers’ data that is stored on the same system.

Third-Party Conduct
You are responsible for violations of this AUP by anyone using our Services with your permission or on an unauthorized basis as a result of your failure to use reasonable security precautions. Your use of the Services to assist another person in an activity that would violate this AUP if performed by you is a violation of the AUP.

You must use reasonable efforts to secure any device or network within your control against being used in breach of the applicable laws against spam and unsolicited email, including where appropriate by the installation of antivirus software, firewall software, and operating system and application software patches and updates. Our right to suspend or terminate your Services applies even if a breach is committed unintentionally or without your authorization, including through a Trojan horse or virus.

Other
You may only use IP addresses assigned to you by us in connection with your Services. You agree that if you register a DNS record or zone on Maropost managed or operated DNS servers or services for a domain of which you are not the registrant or administrative contact according to the registrars WHOIS system, that, upon request from the registrant or administrative contact according to the registrars WHOIS system, we may modify, transfer, or delete such records or zones. You may not register to use any Services under a false name, or use an invalid or unauthorized credit card in connection with any Services.

Individuals accessing the service must have their own login IDs.  Sharing the same login ID between multiple individuals is a violation of Maropost’s Security Policy.  This policy also applies to vendors who are accessing service as agents on behalf of the primary account owner.

SMS
Overview
Maropost and its partners, only support permission-based and lawful email/mobile marketing practices that comply with but are not limited to regulations such as Canadian Anti-Spam Laws (“CASL”), United States Controlling the Assault of Non-Solicited Pornography and Marketing or (“CAN-SPAM“) Act, United States Telephone Consumer Protection Act (TCPA), or privacy regulations like General Data Protection Regulation (GDPR).

Consent
Maropost requires its customers to get prior explicit opt-in consent in order to send text messages for marketing purposes. Providing only an opt-out does not constitute explicit consent. Customers are also required to produce auditable proof of opt-in upon request.

Consent must be unambiguous to the end user and clear details of the purpose of the messages must be provided. Customers are required to ensure they are sending text messages only for the purposes for which consent has been collected. For example: If consent has been captured for sending text receipts, sending other types of messages (like promotions, deals) is not allowed.

Content
We prohibit customers from sending certain types of content:

  • Texts offering illegal goods or services
  • False, misleading, fraudulent, abusive, or deceptive material
  • Texts containing URLs that link to pages that spoof known brands and ask users to download suspicious content
  • Work from home, internet ‘get rich’ schemes, lead generation opportunities
  • Advertisements for loans, credit repair, debt relief, and debt collection
  • Network marketing, pyramid schemes, and multi-level marketing
  • Offensive, or obscene material
  • No online trading, day trading tips, penny stocks, Exchange of currencies, fraudulent shares or stock market related content
  • Escort services, mail-order bride/spouse finders, international marriage brokers, and other similar sites and services
  • Hookup, swinger, or sexual encounter sites or services
  • Dating services
  • Pharmaceutical products
  • Collecting mobile opt-ins for the purpose of aggregating and reselling consumer information (“lead capture”) to third parties
  • Other fraudulent business practices
  • In addition to the above, Maropost, at its sole discretion(s), can disallow any content that we deem inappropriate or otherwise unlawful and may suspend the Services of any account that violates this policy.

Intellectual Property and Other Proprietary Rights
You may not use our Services in a manner that infringes on or misappropriates the rights of a third party in any work protected by copyright, trade or service mark, invention, or other intellectual property or proprietary information. For example:

  • You may not use the Services to download, publish, torrent, distribute, use, or otherwise copy in any manner any text, music, software, art, image, or other work protected by copyright law unless you have permission from the owner of the work to use or copy the work in that manner, or you are otherwise permitted by established intellectual property law to copy or use the work or rights in that manner;
  • You may not use the Services to publish content intended to assist others in defeating technical copyright protections; and
  • You may not display another person’s trademark without permission.

In addition, you may not use the Services to publish another person’s trade secrets or to publish information in violation of a duty of confidentiality. It is our policy to terminate the services of customers who are repeat infringers in appropriate circumstances.

Export Control
The Services may not be used in violation of export laws, controls, regulations, or sanction policies of the United States or your applicable jurisdiction. The Services may not be used by persons, organizations, companies, or any such other legal entity or unincorporated body, including any affiliate or group company, which is involved with or suspected of involvement in activities or causes relating to illegal gambling; terrorism; narcotics trafficking; arms trafficking or the proliferation, development, design, manufacture, production, stockpiling, or use of nuclear, chemical or biological weapons, weapons of mass destruction, or missiles; in each case including any affiliation with others whatsoever who sponsor or support the above such activities or causes.

Cooperation with Investigations and Legal Proceedings
If we are legally required to permit any relevant authority to inspect your content or traffic, you agree we can do so; provided however that, where possible without breaching any legal or regulatory requirement, we give you reasonable prior notice of such requirement.

We may, without notice to you, report to the appropriate authorities any conduct by you that we believe violates applicable law, and provide any information we have about you, or your users, or your traffic and cooperate in response to a formal request from law enforcement or regulatory agency investigating any such activity, or in response to a formal request in a civil action that on its face meets the requirements for such a request.

Changes to the AUP
The Internet is still evolving, and the ways in which the Internet may be abused are also still evolving. Therefore, we may from time to time amend this AUP to further detail or describe reasonable restrictions on your use of our Services by publishing a revised version of the AUP at https://devtest.maropost.com/anti-spam-policy/, or in the event of a material adverse change to the AUP, by providing you thirty (30) days written notice.

The revised AUP will become effective as to you on the first to occur of: (i) your execution of a new or additional agreement with respect to the Services that incorporates the revised AUP by reference, (ii) the first day of a renewal term for an Agreement that begins at least thirty (30) days after the time that the revised AUP has been posted, or (iii) thirty (30) days following our written notice to you of a material change to the AUP.

If your compliance with the revised AUP would adversely affect your use of the Services, you may elect to terminate the Agreement by giving written notice of your objection no later than thirty (30) days following the date that the revised AUP would otherwise have become effective as to you. We will not charge you an early termination fee for a termination on these grounds. If you elect to terminate, you may continue using the Services for up to an additional ninety (90) days and we will not enforce the revision as to you during this time, you will continue to be subject to the prior version. If you choose to terminate your Services under this Subsection, we may decide to waive that change as to you and keep your Agreement in place for the remainder of the term.

Consequences of Violation of AUP
If you breach the AUP we may suspend or terminate your Services in accordance with the Agreement. We may intercept or block any content or traffic belonging to you or to users where Services are being used unlawfully or not in accordance with this AUP.

No credit will be available under the Agreement for interruptions of service resulting from any AUP violation.