Our Zero-Tolerance Commitment
EngageIQ maintains a zero-tolerance policy toward spam. Every email sent through our platform reaches mailboxes via sending infrastructure shared across thousands of customers. A single bad actor can damage sender reputation for everyone, and sustained abuse can result in IP range blocklisting that disrupts legitimate deliverability industry-wide.
This policy defines the minimum standards all senders must meet, the technical measures we enforce, how we monitor compliance, and the actions we take when violations are detected. It applies to all customers, their workspace members, and any system that sends email through EngageIQ APIs or SMTP relay.
Violations result in immediate action
List Acquisition Standards
The quality of your recipient list is the single most important factor in email deliverability and legal compliance. The following standards apply to every list you send to through EngageIQ.
Permitted list sources
- Explicit opt-in at a web form, app, or point-of-sale where the user actively submitted their address to receive email from you specifically.
- Confirmed (double) opt-in — user submitted the form and clicked a confirmation link sent to their address. Strongly recommended and required in certain jurisdictions.
- Existing customer relationships where you have a lawful transactional or legitimate-interest basis for direct marketing under applicable law.
- Event-based collection (conference, webinar) where attendees were clearly informed their address would be used for email marketing.
Prohibited list sources
- Purchased, rented, or leased lists from any third-party list broker.
- Co-registration lists where recipients consented to a different brand or entity.
- Web-scraped or harvested addresses from public websites, social networks, or directories.
- Lists obtained from data brokers or data aggregators without direct consent.
- Appended or enriched lists where email addresses were added to records that did not originally include them.
- Lists from business-card scanning tools used at volume without individual follow-up consent.
When in doubt, re-confirm
Email Authentication Requirements
Email authentication protocols protect recipients from spoofing and protect your sender reputation. EngageIQ enforces the following for all production-volume sending domains.
SPF — Sender Policy Framework
You must publish a valid SPF record for your sending domain that includes EngageIQ's sending IP ranges. SPF allows receiving mail servers to verify that messages purporting to come from your domain were sent by an authorized mail server. Without a valid SPF record, message rejection rates increase significantly.
| Record type | Required | Enforcement |
|---|---|---|
| SPF (TXT) | Yes — for all sending domains | Sending suspended for domains failing SPF with hard fail (~all) |
| DKIM (TXT) | Yes — 2048-bit key minimum | DKIM signing required for all outbound messages |
| DMARC (TXT) | Strongly recommended (required for Enterprise) | p=none to start; p=quarantine recommended; p=reject for maximum protection |
| BIMI (optional) | Recommended for brand recognition | Requires verified mark certificate (VMC) for full inbox logo display |
DKIM — DomainKeys Identified Mail
All email sent through EngageIQ is DKIM-signed using your verified sending domain. You must add a DKIM CNAME record published by EngageIQ to your DNS to activate signing. We use a minimum 2048-bit RSA key and rotate keys annually. Ed25519 keys are available on Enterprise plans.
DMARC — Domain-based Message Authentication, Reporting & Conformance
A DMARC record ties SPF and DKIM together and tells receiving mail servers what to do when authentication fails. We recommend starting with p=none to collect visibility, then progressing to p=quarantine and ultimately p=reject. DMARC is mandatory for Enterprise customers and for accounts sending above 10,000 messages/day (required by Google and Yahoo 2024 sender guidelines).
Domain verification
All sending domains must be verified in your EngageIQ workspace before use. Verification requires adding DNS records that prove domain ownership. Unverified domains cannot be used as a From address.
Content & Identification Standards
All commercial email sent through EngageIQ must comply with the following content requirements, which are derived from CAN-SPAM, GDPR, CASL, and general mailbox-provider expectations.
- The From name and address must accurately identify the sending organization. No misleading or generic aliases (e.g., "noreply@random-domain.com" for brand email).
- The Subject line must accurately reflect the message content. Deceptive, misleading, or clickbait subject lines are prohibited.
- A physical mailing address (street address, P.O. Box, or private mailbox registered under applicable law) must be included in every commercial email.
- Every commercial email must contain a clear, conspicuous, and functional unsubscribe mechanism — a one-click link is strongly recommended.
- The Reply-To address, if different from the From address, must route to a monitored mailbox capable of handling opt-out requests.
- Messages must not contain hidden text, invisible characters, or obfuscated links designed to mislead spam filters or recipients.
Unsubscribe & Opt-Out Management
Handling opt-outs correctly is both a legal obligation and a core deliverability practice. Honoring unsubscribes reduces complaint rates and prevents sending to disengaged contacts who drag down your domain reputation.
- Process all unsubscribe requests within 10 business days (CAN-SPAM maximum) — EngageIQ's unsubscribe link processes opt-outs immediately.
- Do not charge a fee, require additional personal information, or make the recipient take more than one step to unsubscribe.
- Unsubscribed contacts must be permanently suppressed and must not be re-added to any sending list.
- Honor unsubscribes sent via email reply — forward to a monitored inbox and process them.
- Implement List-Unsubscribe headers (both mailto: and https: forms) for all commercial email. EngageIQ injects these automatically.
- Support one-click unsubscribe (RFC 8058) — required by Gmail and Yahoo for bulk senders since February 2024.
Bounce Management
Sending to invalid addresses is one of the fastest ways to damage sender reputation. EngageIQ automatically processes bounce notifications from receiving mail servers and applies the following rules:
| Bounce type | Definition | EngageIQ action | Sender obligation |
|---|---|---|---|
| Hard bounce | Permanent delivery failure — invalid address, non-existent domain, address blocked by policy | Address auto-suppressed immediately across the workspace | Do not attempt to re-send. Remove from all future lists. |
| Soft bounce | Temporary delivery failure — mailbox full, server temporarily unavailable | 3 retry attempts over 72 hours before suppression | Review if contact re-engages. Clean lists quarterly. |
| Spam complaint | Recipient clicked 'Mark as Spam' in a mailbox with a feedback loop | Address auto-suppressed immediately. Complaint rate tracked. | Investigate root cause. Review list acquisition and frequency. |
Bounce rate thresholds
Persistent high bounce rates indicate list hygiene problems and put shared sending infrastructure at risk. We apply the following escalating controls:
| Metric | Warning threshold | Automatic throttle | Suspension threshold |
|---|---|---|---|
| Hard bounce rate | > 2% per campaign | > 3% | > 5% |
| Soft bounce rate | > 8% per campaign | > 10% | > 15% |
| Spam complaint rate | > 0.08% | > 0.15% | > 0.30% |
Feedback Loop Processing
EngageIQ participates in Abuse Reporting Format (ARF) feedback loops operated by major mailbox providers including Microsoft (SNDS/JMRP), Yahoo, AOL, and others. When a recipient marks a message as spam via their mailbox provider's UI:
- The complaint signal is delivered to EngageIQ's abuse processing pipeline within minutes.
- The recipient's address is automatically suppressed in the sending workspace.
- The complaint is attributed to the originating campaign and counted against the sender's complaint rate.
- Sustained complaint rates trigger automated review and potential sending restrictions.
Customers can view their complaint rates in real time on the Analytics dashboard. We notify sending account owners by email when complaint rates approach warning thresholds.
Prohibited Sending Categories
In addition to the general prohibited content in our Acceptable Use Policy, the following categories of email are specifically prohibited regardless of recipient consent:
- Payday loans, high-interest lending, or debt consolidation offers.
- Get-rich-quick schemes, multi-level marketing, or pyramid structures.
- Counterfeit goods, replica products, or intellectual property violations.
- Prescription medications, controlled substances, or unlicensed health products.
- Gambling or lottery services in jurisdictions where they are regulated without a license.
- Adult content or sexually explicit material.
- Cryptocurrency offerings, NFT promotions, or investment solicitations without regulatory compliance.
- Bulk affiliate marketing using shared or co-registration lists.
- Political campaigns or lobbying on behalf of third parties without disclosure.
- Messages designed to harvest credentials or personal information (phishing).
Regulatory Compliance Summary
The table below summarizes the key requirements of major anti-spam laws. Compliance is your responsibility as the sender; EngageIQ's platform features are designed to support — not substitute for — your legal obligations.
| Law | Jurisdiction | Consent model | Key obligations |
|---|---|---|---|
| CAN-SPAM Act | USA | Opt-out (implied consent permitted for commercial email) | Accurate headers, non-deceptive subject, physical address, functional unsubscribe, 10-day opt-out processing |
| GDPR Art. 6 + ePrivacy Directive | European Union | Opt-in required for direct marketing to individuals | Lawful basis for processing, clear consent records, easy withdrawal, data subject rights |
| UK GDPR + PECR | United Kingdom | Opt-in required for direct marketing to individuals | Same as GDPR; also requires soft opt-in exception for existing customers |
| CASL | Canada | Express or implied consent required | Sender identification, unsubscribe mechanism, consent records, 10-day opt-out |
| Spam Act 2003 | Australia | Consent required (express or inferred) | Sender identification, functional unsubscribe, 5-day opt-out processing |
Enforcement & Escalation
EngageIQ enforces this policy through a combination of automated monitoring, manual review, and reactive investigation triggered by external reports. Our enforcement framework is designed to be proportionate — first-time, minor violations receive warnings; repeat or serious violations result in immediate action.
| Tier | Trigger | Action | Recourse |
|---|---|---|---|
| Advisory | Bounce rate approaching threshold; single complaint spike | Automated email notification with guidance | Sender remediates; no account impact |
| Restriction | Bounce/complaint rate above warning threshold; unverified list suspected | Sending rate throttled; remediation required within 48 hours | Submit remediation plan to support@engageiq.com |
| Suspension | Confirmed spam complaint; prohibited content; repeated threshold breach | Sending suspended pending investigation | Contact support with evidence of list quality and consent |
| Termination | Deliberate spam; phishing; malware; repeat violation after reinstatement | Account terminated; no refund; legal referral if applicable | No automatic right of appeal; may be reported to relevant authorities |
Cooperative remediation
Reporting Spam & Abuse
If you received an unsolicited email that appears to have been sent through EngageIQ infrastructure, please report it. Include the full email headers — not just the body — so we can trace the sending account.
Report Abuse
Email: abuse@engageiq.com
ISP / deliverability coordination: deliverability@engageiq.com
We investigate all reports and take action within 1 hour for confirmed active abuse.
Read next