Acceptable Use Policy

Effective date: April 17, 2026  ·  Last updated: April 17, 2026

This Acceptable Use Policy ("AUP") sets out the rules governing what you may and may not do with the MailSetu email delivery platform ("Service"). This AUP is incorporated by reference into the Terms of Service and has the same legal force.

As an email infrastructure provider, MailSetu's reputation — and therefore the deliverability of all our customers' emails — depends on every customer sending lawfully and responsibly. A single bad actor can harm thousands of legitimate senders. We therefore enforce this AUP strictly.

1. Permitted Uses

You may use MailSetu to send:

  • Transactional emails: account confirmations, password resets, OTPs, order confirmations, shipping notifications, invoices, and similar messages triggered by a user's direct interaction with your product.
  • Operational alerts: system monitoring alerts, error notifications, and scheduled reports sent to people who have opted in to receive them.
  • User-initiated notifications: messages that a logged-in user has explicitly requested (e.g., a "send me this report" feature).
  • Double opt-in confirmation emails: messages confirming that a subscriber has requested to join a mailing list (the confirmation message itself, not the subsequent marketing).

MailSetu is a transactional email service, not a bulk marketing or newsletter platform. If you need to send large-scale marketing campaigns, please use a dedicated marketing platform (e.g., Mailchimp, Klaviyo) and use MailSetu only for transactional messages.

2. Prohibited Content

You must not use the Service to send emails that contain or relate to:

  • Unsolicited commercial messages (spam) — any email sent to recipients who have not given explicit, verifiable consent to receive messages from you.
  • Phishing or spoofing — emails designed to deceive recipients into revealing sensitive information, or emails that impersonate another company, government entity, or individual.
  • Malware or malicious code — attachments or links that download or execute malicious software, ransomware, spyware, or viruses.
  • Fraudulent schemes — Ponzi schemes, advance-fee fraud ("419 scams"), fake lottery notifications, or any other deceptive financial offer.
  • Adult / sexually explicit content sent to recipients who have not affirmatively opted in to such content on a platform that is age-verified.
  • Hate speech or harassment — content that promotes discrimination, violence, or hatred based on race, ethnicity, religion, gender, sexual orientation, disability, or other protected characteristics.
  • Child sexual abuse material (CSAM) — absolutely prohibited. We will report any such use to NCMEC and appropriate law enforcement authorities immediately.
  • Illegal goods or services — narcotics, counterfeit products, unlicensed firearms, fake documents, or any other product or service the sale of which is illegal in India or the recipient's jurisdiction.
  • Investment / financial advice without SEBI registration — unregistered investment advice, unauthorised forex or crypto trading signals.
  • Gambling promotions where online gambling is prohibited by applicable law.
  • Political campaign material in violation of Indian election law.
  • Messages that violate the TRAI regulations on commercial communications, including messages that do not comply with the Telecom Commercial Communications Customer Preference Regulations.

3. Prohibited Sending Practices

You must not:

  • Send to purchased, rented, scraped, or harvested email lists. All recipients must have given you explicit, direct consent.
  • Suppress opt-out requests — if a recipient asks to be removed from your communications, you must honour the request within 10 business days and must not send them further emails.
  • Falsify headers — the From, Reply-To, and other headers must accurately identify the sender. We enforce this via DKIM/SPF verification.
  • Use deceptive subject lines that misrepresent the content of the email.
  • Circumvent rate limits using multiple accounts, subaccounts, or rotating API keys to exceed your plan's sending quota.
  • Use the Service as a relay for third-party senders — you may not resell or offer MailSetu's infrastructure as an email relay to other parties without our prior written consent.
  • Use the Service to test deliverability at scale with invalid or randomly generated email addresses (address probing).
  • Send emails that cause a bounce rate exceeding 5% or a spam complaint rate exceeding 0.1% of total monthly send volume. Exceeding these thresholds may result in automatic rate limiting or account suspension.

4. Domain and Identity Requirements

  • The From domain in your emails must be a domain you own and have verified through our domain management system.
  • Your sending domain must have a valid SPF record, DKIM signature (generated by MailSetu), and a DMARC policy of at least p=none.
  • You must not use free webmail domains (e.g., @gmail.com, @yahoo.com, @outlook.com) as your From address. These domains' DMARC policies will cause your emails to fail authentication.
  • You must not use a From address that suggests you are MailSetu, AWS, Razorpay, or any other company you are not affiliated with.

5. Compliance with Law

You are solely responsible for ensuring your use of the Service complies with all applicable laws, including:

  • The Information Technology Act, 2000 and its amendments.
  • The Indian Penal Code (sections relating to fraud, defamation, obscenity).
  • The Digital Personal Data Protection Act, 2023.
  • TRAI's Telecom Commercial Communications Customer Preference Regulations (DND/DNC requirements).
  • CAN-SPAM Act (USA) if you are sending to US recipients.
  • GDPR (EU/UK) if you are sending to EU or UK residents.
  • CASL (Canada) if you are sending to Canadian recipients.

6. Monitoring and Enforcement

MailSetu monitors email traffic for compliance using automated systems and, in some cases, manual review. We may:

  • Pause or rate-limit your account if automated systems detect unusual sending patterns.
  • Request information about your business and use case before enabling high-volume sending.
  • Immediately suspend accounts found to be sending prohibited content without notice or refund.
  • Permanently ban accounts and associated email addresses from the platform for repeated or severe violations.
  • Report illegal activity to law enforcement authorities.
  • Cooperate fully with law enforcement investigations and respond to valid legal process.

We will generally attempt to notify you before taking action unless the violation is severe, ongoing, or risks harm to other users or recipients.

7. Complaint Handling

If you receive a complaint about emails sent through MailSetu, you must:

  • Investigate and resolve the complaint promptly.
  • Remove the complainant from all future mailings immediately.
  • Notify us at abuse@mailssetu.in if the complaint involves a legal threat or regulatory inquiry.

Recipients or third parties who wish to report abuse should email abuse@mailssetu.in. We take all abuse reports seriously and typically respond within one business day.

8. Consequences of Violation

Depending on the severity and frequency of violations, consequences may include:

  • A written warning and request to remediate.
  • Temporary suspension of sending capabilities.
  • Reduction of sending quota or rate limits.
  • Permanent account termination without refund.
  • Reporting to relevant authorities (TRAI, police, CERT-In, NCMEC).
  • Legal action for damages caused to MailSetu or third parties.

9. Changes to This Policy

We may update this AUP at any time with notice as described in the Terms of Service. Continuing to use the Service after notice constitutes acceptance of the revised AUP.

10. Contact

© 2026 MailSetu. All rights reserved. · Mumbai, India