Compliance

Anti-Spam Policy

EngageIQ's zero-tolerance stance on spam: the list acquisition standards, authentication requirements, bounce and complaint thresholds, and enforcement actions that protect our shared sending infrastructure.

Effective June 12, 2026
Last updated June 12, 2026
01

Our Zero-Tolerance Commitment

EngageIQ maintains a zero-tolerance policy toward spam. Every email sent through our platform reaches mailboxes via sending infrastructure shared across thousands of customers. A single bad actor can damage sender reputation for everyone, and sustained abuse can result in IP range blocklisting that disrupts legitimate deliverability industry-wide.

This policy defines the minimum standards all senders must meet, the technical measures we enforce, how we monitor compliance, and the actions we take when violations are detected. It applies to all customers, their workspace members, and any system that sends email through EngageIQ APIs or SMTP relay.

Violations result in immediate action

We reserve the right to suspend sending privileges or terminate accounts without notice when active spam or abuse is detected. No refunds are issued for policy-related terminations.
02

List Acquisition Standards

The quality of your recipient list is the single most important factor in email deliverability and legal compliance. The following standards apply to every list you send to through EngageIQ.

Permitted list sources

  • Explicit opt-in at a web form, app, or point-of-sale where the user actively submitted their address to receive email from you specifically.
  • Confirmed (double) opt-in — user submitted the form and clicked a confirmation link sent to their address. Strongly recommended and required in certain jurisdictions.
  • Existing customer relationships where you have a lawful transactional or legitimate-interest basis for direct marketing under applicable law.
  • Event-based collection (conference, webinar) where attendees were clearly informed their address would be used for email marketing.

Prohibited list sources

  • Purchased, rented, or leased lists from any third-party list broker.
  • Co-registration lists where recipients consented to a different brand or entity.
  • Web-scraped or harvested addresses from public websites, social networks, or directories.
  • Lists obtained from data brokers or data aggregators without direct consent.
  • Appended or enriched lists where email addresses were added to records that did not originally include them.
  • Lists from business-card scanning tools used at volume without individual follow-up consent.

When in doubt, re-confirm

If your list has not been emailed in over 12 months, treat it as a cold list. Send a re-permission campaign to active engagers before resuming regular sends. EngageIQ may require this before granting high-volume sending access on new accounts.
03

Email Authentication Requirements

Email authentication protocols protect recipients from spoofing and protect your sender reputation. EngageIQ enforces the following for all production-volume sending domains.

SPF — Sender Policy Framework

You must publish a valid SPF record for your sending domain that includes EngageIQ's sending IP ranges. SPF allows receiving mail servers to verify that messages purporting to come from your domain were sent by an authorized mail server. Without a valid SPF record, message rejection rates increase significantly.

Record typeRequiredEnforcement
SPF (TXT)Yes — for all sending domainsSending suspended for domains failing SPF with hard fail (~all)
DKIM (TXT)Yes — 2048-bit key minimumDKIM signing required for all outbound messages
DMARC (TXT)Strongly recommended (required for Enterprise)p=none to start; p=quarantine recommended; p=reject for maximum protection
BIMI (optional)Recommended for brand recognitionRequires verified mark certificate (VMC) for full inbox logo display

DKIM — DomainKeys Identified Mail

All email sent through EngageIQ is DKIM-signed using your verified sending domain. You must add a DKIM CNAME record published by EngageIQ to your DNS to activate signing. We use a minimum 2048-bit RSA key and rotate keys annually. Ed25519 keys are available on Enterprise plans.

DMARC — Domain-based Message Authentication, Reporting & Conformance

A DMARC record ties SPF and DKIM together and tells receiving mail servers what to do when authentication fails. We recommend starting with p=none to collect visibility, then progressing to p=quarantine and ultimately p=reject. DMARC is mandatory for Enterprise customers and for accounts sending above 10,000 messages/day (required by Google and Yahoo 2024 sender guidelines).

Domain verification

All sending domains must be verified in your EngageIQ workspace before use. Verification requires adding DNS records that prove domain ownership. Unverified domains cannot be used as a From address.

04

Content & Identification Standards

All commercial email sent through EngageIQ must comply with the following content requirements, which are derived from CAN-SPAM, GDPR, CASL, and general mailbox-provider expectations.

  • The From name and address must accurately identify the sending organization. No misleading or generic aliases (e.g., "noreply@random-domain.com" for brand email).
  • The Subject line must accurately reflect the message content. Deceptive, misleading, or clickbait subject lines are prohibited.
  • A physical mailing address (street address, P.O. Box, or private mailbox registered under applicable law) must be included in every commercial email.
  • Every commercial email must contain a clear, conspicuous, and functional unsubscribe mechanism — a one-click link is strongly recommended.
  • The Reply-To address, if different from the From address, must route to a monitored mailbox capable of handling opt-out requests.
  • Messages must not contain hidden text, invisible characters, or obfuscated links designed to mislead spam filters or recipients.
05

Unsubscribe & Opt-Out Management

Handling opt-outs correctly is both a legal obligation and a core deliverability practice. Honoring unsubscribes reduces complaint rates and prevents sending to disengaged contacts who drag down your domain reputation.

  • Process all unsubscribe requests within 10 business days (CAN-SPAM maximum) — EngageIQ's unsubscribe link processes opt-outs immediately.
  • Do not charge a fee, require additional personal information, or make the recipient take more than one step to unsubscribe.
  • Unsubscribed contacts must be permanently suppressed and must not be re-added to any sending list.
  • Honor unsubscribes sent via email reply — forward to a monitored inbox and process them.
  • Implement List-Unsubscribe headers (both mailto: and https: forms) for all commercial email. EngageIQ injects these automatically.
  • Support one-click unsubscribe (RFC 8058) — required by Gmail and Yahoo for bulk senders since February 2024.
06

Bounce Management

Sending to invalid addresses is one of the fastest ways to damage sender reputation. EngageIQ automatically processes bounce notifications from receiving mail servers and applies the following rules:

Bounce typeDefinitionEngageIQ actionSender obligation
Hard bouncePermanent delivery failure — invalid address, non-existent domain, address blocked by policyAddress auto-suppressed immediately across the workspaceDo not attempt to re-send. Remove from all future lists.
Soft bounceTemporary delivery failure — mailbox full, server temporarily unavailable3 retry attempts over 72 hours before suppressionReview if contact re-engages. Clean lists quarterly.
Spam complaintRecipient clicked 'Mark as Spam' in a mailbox with a feedback loopAddress auto-suppressed immediately. Complaint rate tracked.Investigate root cause. Review list acquisition and frequency.

Bounce rate thresholds

Persistent high bounce rates indicate list hygiene problems and put shared sending infrastructure at risk. We apply the following escalating controls:

MetricWarning thresholdAutomatic throttleSuspension threshold
Hard bounce rate> 2% per campaign> 3%> 5%
Soft bounce rate> 8% per campaign> 10%> 15%
Spam complaint rate> 0.08%> 0.15%> 0.30%
07

Feedback Loop Processing

EngageIQ participates in Abuse Reporting Format (ARF) feedback loops operated by major mailbox providers including Microsoft (SNDS/JMRP), Yahoo, AOL, and others. When a recipient marks a message as spam via their mailbox provider's UI:

  • The complaint signal is delivered to EngageIQ's abuse processing pipeline within minutes.
  • The recipient's address is automatically suppressed in the sending workspace.
  • The complaint is attributed to the originating campaign and counted against the sender's complaint rate.
  • Sustained complaint rates trigger automated review and potential sending restrictions.

Customers can view their complaint rates in real time on the Analytics dashboard. We notify sending account owners by email when complaint rates approach warning thresholds.

08

Prohibited Sending Categories

In addition to the general prohibited content in our Acceptable Use Policy, the following categories of email are specifically prohibited regardless of recipient consent:

  • Payday loans, high-interest lending, or debt consolidation offers.
  • Get-rich-quick schemes, multi-level marketing, or pyramid structures.
  • Counterfeit goods, replica products, or intellectual property violations.
  • Prescription medications, controlled substances, or unlicensed health products.
  • Gambling or lottery services in jurisdictions where they are regulated without a license.
  • Adult content or sexually explicit material.
  • Cryptocurrency offerings, NFT promotions, or investment solicitations without regulatory compliance.
  • Bulk affiliate marketing using shared or co-registration lists.
  • Political campaigns or lobbying on behalf of third parties without disclosure.
  • Messages designed to harvest credentials or personal information (phishing).
09

Regulatory Compliance Summary

The table below summarizes the key requirements of major anti-spam laws. Compliance is your responsibility as the sender; EngageIQ's platform features are designed to support — not substitute for — your legal obligations.

LawJurisdictionConsent modelKey obligations
CAN-SPAM ActUSAOpt-out (implied consent permitted for commercial email)Accurate headers, non-deceptive subject, physical address, functional unsubscribe, 10-day opt-out processing
GDPR Art. 6 + ePrivacy DirectiveEuropean UnionOpt-in required for direct marketing to individualsLawful basis for processing, clear consent records, easy withdrawal, data subject rights
UK GDPR + PECRUnited KingdomOpt-in required for direct marketing to individualsSame as GDPR; also requires soft opt-in exception for existing customers
CASLCanadaExpress or implied consent requiredSender identification, unsubscribe mechanism, consent records, 10-day opt-out
Spam Act 2003AustraliaConsent required (express or inferred)Sender identification, functional unsubscribe, 5-day opt-out processing
10

Enforcement & Escalation

EngageIQ enforces this policy through a combination of automated monitoring, manual review, and reactive investigation triggered by external reports. Our enforcement framework is designed to be proportionate — first-time, minor violations receive warnings; repeat or serious violations result in immediate action.

TierTriggerActionRecourse
AdvisoryBounce rate approaching threshold; single complaint spikeAutomated email notification with guidanceSender remediates; no account impact
RestrictionBounce/complaint rate above warning threshold; unverified list suspectedSending rate throttled; remediation required within 48 hoursSubmit remediation plan to support@engageiq.com
SuspensionConfirmed spam complaint; prohibited content; repeated threshold breachSending suspended pending investigationContact support with evidence of list quality and consent
TerminationDeliberate spam; phishing; malware; repeat violation after reinstatementAccount terminated; no refund; legal referral if applicableNo automatic right of appeal; may be reported to relevant authorities

Cooperative remediation

We prefer to work with customers to fix deliverability problems rather than terminate accounts. If you receive a warning or restriction, contact support@engageiq.com promptly and we will work through the issue with you.
11

Reporting Spam & Abuse

If you received an unsolicited email that appears to have been sent through EngageIQ infrastructure, please report it. Include the full email headers — not just the body — so we can trace the sending account.

Report Abuse

Email: abuse@engageiq.com

ISP / deliverability coordination: deliverability@engageiq.com

We investigate all reports and take action within 1 hour for confirmed active abuse.

Read next

Acceptable Use Policy