Acceptable Use Policy
This policy supplements our Terms of Service (section 4, Acceptable use).
This is our acceptable use policy. It tells you what you can and can’t send. mails.ai is for transactional email only. It’s not for cold outreach or bulk campaigns. Read this before you start sending.
mails.ai is transactional email infrastructure. You may send only to recipients who have a direct, existing relationship with you or your end users — account holders, people who explicitly opted in, or people who initiated the conversation being replied to. Every message sent through mails.ai is a single, 1:1 message triggered by the recipient’s own interaction.
Permitted uses
mails.ai is built for transactional sends triggered by user actions. If a person created an account, completed a purchase, requested a password reset, or started a conversation, you can send them a message about that event. The relationship must be direct and current, not assumed from an old import or inferred from a browsing session.
- Welcome emails and onboarding sequences to users who signed up through your product.
- Order confirmations, shipping notifications, and purchase receipts.
- Password resets, two-factor auth codes, and security alerts.
- Reply notifications when a conversation thread managed by your agent gets a new inbound message.
- Account usage summaries delivered to the verified account holder.
- System alerts and status notifications sent to opted-in subscribers who explicitly requested them.
If you’re building an AI agent that sends email on behalf of your users — replying to inbound messages, sending structured reports to opted-in contacts, or notifying team members about events in your product — you’re using the service as it was designed.
Prohibited without exception
- Unsolicited, bulk, cold, or prospecting email of any kind.
- Cold outreach of any kind.
- Purchased, scraped, or rented recipient lists.
- Marketing campaigns, segmented broadcasts, or audience blasts — mails.ai ships no such features, and they may not be assembled on top of the API.
- Phishing, impersonation, and relay abuse — sending mail you don’t have permission to send, or misrepresenting the origin of a message.
- Distributing malware, content that is sexually exploitative of minors, content that incites violence, content infringing third-party intellectual property, or content unlawful in the recipient’s jurisdiction.
- Attempts to circumvent rate limits, the behavioral classifier, or the suppression list — including rotating API keys to avoid auto-suspend thresholds.
- Using agent automation to harm individuals, including unauthorized surveillance, harassment, or non-consensual content generation.
Categorically prohibited content
The following content types are not permitted on any tier, regardless of claimed opt-in status or consent. Receiving providers treat these categories as high-risk and raising complaint rates for them harms deliverability for every sender on a shared pool.
- Pornography or sexually explicit content.
- Escort or adult-service advertising.
- Pharmaceutical product promotions, prescription or otherwise.
- Gambling services or betting solicitations.
- Multi-level marketing and pyramid scheme recruitment.
- Get-rich-quick, passive income, or money-flipping promotions.
- Credit repair or debt settlement solicitations.
- Short-term, payday, or predatory loan offers.
- List broker services or list rental promotions.
- Soliciting purchases of social media followers, likes, or engagement metrics.
Your responsibilities
You are responsible for everything sent through your account, including sends triggered automatically by your AI agents. That means:
- Keep API keys out of public repositories, client-side code, and shared environments. Keys are hashed at rest; a leaked key must be rotated from the dashboard immediately.
- Audit the logic that triggers sends to confirm it only fires for genuine user interactions, not bulk or cold outreach patterns assembled from a list.
- Remove addresses from your send logic as soon as you receive a bounce or unsubscribe signal. The suppression list handles hard bounces automatically on our end, but you should mirror that logic in your own systems so you don’t attempt to re-add suppressed addresses through a new send path.
- Ensure the “From” domain and display name you configure accurately represent the entity your recipient expects to hear from. Sending on behalf of a domain you don’t control or have authorization to use is prohibited.
- If multiple team members or sub-accounts access your workspace, you are accountable for their activity. Shared access does not distribute responsibility — the account holder is the responsible party for all sends.
Enforcement
Every new account is reviewed before it can send: a workspace defaults to not-approved and cannot send a single message until we manually approve it — self-serve signup is not self-serve sending.
Every permanent bounce and every spam complaint is written to a suppression list that is enforced on every send — a repeat send to a suppressed address is rejected before it leaves the system. Automated reputation monitoring auto-suspends any sender exceeding a 0.3% complaint rate (below AWS SES’s 0.5% threshold) or a 5% bounce rate. We run on AWS SES and comply with the AWS Acceptable Use Policy; anything AWS prohibits is prohibited here, regardless of the terms above.
Our classifier checks each message you send against the usage patterns flagged by ISPs. If it detects cold-outreach signals — a new address list, a message body matching marketing templates, or no prior reply history between sender and recipient — it routes the message to a lower-reputation pool or holds it for review. Senders who repeatedly trip these signals are paused for manual review. Mails.ai does not offer a bulk, cold, or marketing tier — every send must be transactional.
Suspension and termination
Accounts that violate this policy or exceed abuse thresholds are suspended automatically, without prior notice when the situation is urgent (active abuse, ongoing high complaint rate, legal compulsion). For non-emergency violations we will contact you first and give you a chance to address the issue before sends are blocked.
A suspended account keeps its data intact but cannot send. You can request a review by contacting support. If the suspension was triggered by a classifier error, we reverse it and adjust the classifier. If the suspension was triggered by a genuine policy violation, the account stays suspended until the issue is resolved to our satisfaction or until we decide to terminate the account.
Account termination is permanent. Terminated accounts lose dashboard access, and data is deleted within 30 days per the privacy policy. We do not issue refunds for unused subscription time when termination results from a policy violation.
Reporting violations
If you received email you believe was sent through mails.ai infrastructure in violation of this policy, report it to support@mails.ai. Include the full email headers so we can trace the sending account and act on it. Confirmed abuse reports result in sender suspension and, where warranted, account termination.