Skip to Content
LegalAnti-Spam Policy

Anti-Spam Policy

Effective: 1 May 2026

Spam isn’t just unwelcome — it’s illegal in most jurisdictions and damages every legitimate sender on shared sending infrastructure. This page tells you what counts as consent, what list-acquisition practices are forbidden, and how unsubscribes flow through the system.

You may send marketing email only to recipients who have given clear, affirmative, recordable consent to receive marketing email from your specific organization. Consent must:

  1. Be affirmative — a deliberate action by the recipient (clicked a checkbox, completed a form, sent a written request). Pre-ticked checkboxes do not count.
  2. Be specific — they consented to email from your organization, for the purpose you’ll use it for. Consent given for “service updates” does not authorize promotional offers.
  3. Be informed — you told them at the point of consent who you are, what they would receive, and how to withdraw consent.
  4. Be recordable — you can produce, on request, the date, timestamp, IP address, and exact wording of the consent prompt.

Single opt-in is acceptable for most jurisdictions. Double opt-in (confirmed opt-in) is required for senders targeting Germany, Austria, Brazil, and is strongly recommended for all sending lists because it cuts complaints and bounces dramatically.

  • Membership in a public directory.
  • Publication of the address on a website.
  • Provision of the address as part of an unrelated transaction (e.g. someone bought a product — that doesn’t authorize marketing unrelated to the purchase).
  • Forwarded consent (“My friend gave me your email”).
  • Contractual obligation of the recipient to receive your messages in another channel (e.g. they are your employee or your customer).

Some jurisdictions recognize implied consent for transactional or relationship messages. Even where lawful, you should:

  • Limit messages to the relationship in question (order confirmations, account security alerts, document signings).
  • Honor unsubscribes the same way you would for marketing.
  • Refresh consent at least every 24 months.

Banned list-acquisition practices

You must not send through Splashify Pro to addresses obtained through:

  • Purchase, rental, or trade of any list, regardless of the vendor’s claims about consent or quality.
  • Web scraping — collecting addresses from websites, social networks, directories, or any place addresses are published.
  • Email appending — taking a name and using a service to “find” the email address.
  • Dictionary attacks — generating addresses by combining names, numbers, or words against a domain.
  • Co-registration — inheriting consent from a partner’s signup form unless the partner clearly named your organization at the point of opt-in.
  • Contests, sweepstakes, raffles — unless email consent was a separate opt-in from entering the contest.
  • Customer data acquired through merger, acquisition, or bankruptcy unless consent was specifically transferred to the acquiring entity in the original opt-in language.

Sending to any address obtained through the above triggers Auto-Action System responses ranging from auto-pause to termination depending on volume and pattern.

Unsubscribe requirements

Every marketing email must include

  1. A functional unsubscribe link that:

    • Works without requiring login.
    • Removes the recipient from your sending list within 10 calendar days (we do this within seconds).
    • Does not require entering personal data.
    • Does not redirect through tracking domains that strip the request.

  2. The List-Unsubscribe header in the format defined by RFC 2369:

    List-Unsubscribe: <mailto:unsubscribe@yourdomain.com>, <https://...>

  3. The List-Unsubscribe-Post header for one-click unsubscribe per RFC 8058, supported by Gmail and Outlook:

    List-Unsubscribe-Post: List-Unsubscribe=One-Click

The Splashify Pro renderer adds all three automatically when you send via /send, /send-template, or /send-bulk. For raw-MIME sends via /send-raw, you must include them yourself.

What unsubscribe means

Once a recipient unsubscribes from any of your messages, you may not email that address again from any sending domain you control, regardless of the configuration set or template used. Splashify Pro enforces this account-wide via the suppression list.

Re-engagement

If an address has unsubscribed from your marketing list, you may not re-add it without fresh affirmative consent captured after the unsubscribe. You may continue to send transactional messages (order confirmations, security alerts, legally-mandated notices) to that address.

Spam laws we enforce

Splashify Pro requires you to comply with anti-spam laws of every country your recipients reside in. We particularly check against:

CAN-SPAM Act, 2003 (US)

  • Accurate From, Reply-To, and routing information.
  • Truthful Subject lines.
  • Identification as an advertisement (where applicable).
  • A valid physical postal address of the sender.
  • Functional unsubscribe processed within 10 business days.

CASL (Canada)

  • Express consent (verbal recording or written log) for marketing.
  • Identification of the sender, including any person on whose behalf the message is sent.
  • Functional unsubscribe processed within 10 business days.
  • Penalties up to CAD 10 million per violation.

GDPR (EU)

  • Lawful basis for processing — typically consent or legitimate interest balanced against the recipient’s privacy rights.
  • Right to object to direct marketing — unsubscribe must be available “by electronic means”.
  • Records of consent must be auditable.

DPDP Act, 2023 (India)

  • Notice at the point of collection in the language of the recipient’s choice (the 22 official languages of India).
  • Consent must be free, specific, informed, unconditional, and unambiguous.
  • Withdrawal of consent must be as easy as giving it.
  • Penalties up to INR 250 crore.

ePrivacy Directive (EU)

  • Requires prior opt-in consent for marketing email to natural persons, even where the underlying GDPR basis would be legitimate interest.

LGPD (Brazil)

  • Same consent rigor as GDPR, with explicit prior consent required for marketing in most contexts.

Spamtrap addresses

Spamtraps are addresses planted by inbox providers and reputation services to detect senders who don’t have proper consent. They never opt in, so any send to a spamtrap is by definition non-consensual.

We auto-detect spamtrap hits via reputation feeds. A single hit produces an auto-pause; two within 7 days is treated as a deliberate list-acquisition violation and may result in termination.

The most common cause of spamtrap hits is purchased lists. The second most common is failure to clean a long-dormant list before re-engaging it. Don’t do either.

Engagement-based hygiene

Even with proper consent, recipients lose interest. Lists go stale. Bounces and complaints rise. To stay deliverable:

  • Monitor engagement. Open and click rates trending toward zero in a segment is a signal to re-engage or remove.
  • Set a freshness threshold. Drop addresses with no opens or clicks in 12 months. Major inbox providers consider sustained non-engagement a deliverability negative.
  • Segment new acquisitions. Recipients who signed up in the last 30 days behave differently than recipients from 5 years ago. Send them through different configuration sets so reputation issues don’t bleed.
  • Honor frequency preferences. If a recipient asks for “monthly only” and you send weekly, you’ll see complaints.

Reporting spam to us

If you’ve received spam from a Splashify Pro sender, forward the message with full headers preserved to abuse@splashifypro.in. We respond within 24 hours on business days. Acting on abuse reports is mandatory under the IT Act and we take it seriously.

Auto-Action SystemData Processing Agreement