# Acceptable use policy

> What may not be sent through Email Fast: spam, deception, malware, and abuse — and how enforcement works, including the platform's automatic protections.

Canonical: https://emailfast.dev/legal/aup

## Not allowed

- **Unsolicited bulk email.** Purchased, scraped, or harvested lists; sending without consent; re-adding unsubscribers.
- **Deception.** Forged senders, misleading subjects, phishing, impersonation.
- **Malicious content.** Malware, credential harvesting, link-cloaked exploits.
- **Illegal content** under EU law or the law of your sending jurisdiction.
- **Abuse of the platform** — attempting to bypass suppression, quotas, content policy, or another tenant's isolation.

## How enforcement works

Most enforcement is structural: every send — REST, SMTP, browser SDK, compatibility endpoints, broadcasts, automations — passes through one admission gate: idempotency, suppression, quota, and content policy in a single checkpoint no ingress can skip. Complaint feedback loops suppress
a recipient on the first spam report; reputation breakers throttle sending patterns
that look like abuse before mailbox providers have to react.

When policy enforcement triggers, a human reviews it. You'll get specifics — what
tripped, on which sends — not a form letter. Appeals: **hello@emailfast.dev**.

## Reporting abuse

Received something abusive sent through Email Fast? Forward it with headers to
**abuse@emailfast.dev**. Complaint-loop reports are also ingested automatically.
