Acceptable Use Policy

1. Scope of this policy

This Acceptable Use Policy ("AUP") forms part of your agreement with us under our Terms of Service. It governs every use of infrastructure we provide: dedicated and virtual private servers, SMTP relay services, IP warming, and any other service in our catalogue.

The AUP applies regardless of which jurisdiction your infrastructure is operated in. Where applicable law in a specific jurisdiction is more restrictive than this AUP, the local law applies. Where applicable law is more permissive than this AUP, the AUP applies. We do not jurisdiction-shop on our own behalf and we do not enable customers to do so for purposes excluded below.

2. Categorical exclusions

The following are excluded from any service we operate, with no exceptions and no jurisdiction-based reinterpretation. Operating within any of these categories is grounds for immediate termination, full data preservation, and full cooperation with the relevant investigating authorities:

• Material that sexually exploits minors: possession, production, distribution, or facilitation of distribution. Reported under applicable mandatory reporting laws regardless of where the customer is based.
• Malicious software infrastructure: command-and-control servers, ransomware delivery infrastructure, exploit kits, and similar.
• Phishing infrastructure: fake-login portals, brand-impersonation deception sites, credential-harvesting forms targeting individuals or institutions.
• Denial-of-service attack infrastructure: booter, stresser, amplification, or "DDoS-for-hire" services. We don't accept "for security testing only" framing for this category.
• Operations that defraud individuals: romance-scam operations, advance-fee fraud, fake-investment schemes, fake-charity solicitations, impersonation fraud targeting elderly or vulnerable people.
• Operations subject to active criminal proceedings in any jurisdiction where our infrastructure is operated.

These categories are non-negotiable. They are not the subject of debate, of "but what if" hypotheticals, or of jurisdictional carveouts. If you're unsure whether your use case falls within them, the answer is to assume it does and not contact us.

3. General conduct

Beyond the categorical exclusions in section 2, we expect customers to operate infrastructure responsibly. The following are all grounds for warning, suspension, or termination depending on severity and pattern:

• Recipient harm. Sending communications that materially harm the recipient (financial harm, reputational harm, harassment, threats, defamation) is grounds for termination on first credible complaint.
• Non-consensual mailing. The standard of consent we expect is the standard the receiver expects: documented opt-in, double opt-in where required by law, and easy unsubscribe flows. Mailing recipients who never agreed to receive your communications is a fast path to abuse complaints, blocklist listings, and AUP enforcement on our end.
• Network abuse. Unsolicited port scanning of third-party networks, unauthorised vulnerability scanning, brute-forcing third-party authentication systems, and any attack against systems you do not control.
• Deceptive identification. Operating sending domains designed to impersonate established brands, forging identification headers, spoofing return paths to evade complaint feedback loops, and similar evasion patterns.
• Resource misuse. Using shared infrastructure (admin tools, monitoring systems, our Telegram support channels) for purposes other than managing your own service.

4. Third-party complaints and feedback loops

We participate in feedback loops with major mailbox providers (Gmail Postmaster Tools, Microsoft SNDS, Yahoo CFL, Apple iCloud) and we monitor 84 DNS-based blocklists in real time. When a customer's IP or domain accumulates abuse signal we contact the customer first to investigate, give a clear cure path, and apply suspension only if the pattern is severe or persistent.

Customers who repeatedly trigger abuse signals without addressing the root cause are terminated. This is not punitive. Repeated complaint volume on infrastructure we operate damages our network's reputation, which damages every other customer's deliverability. Protecting the network requires removing customers who can't or won't operate within reasonable abuse thresholds.

5. Spamhaus and other blocklist response

A Spamhaus listing on customer infrastructure is taken seriously. Our standard response:

• Notification to the customer within minutes of the listing being detected.
• Joint investigation of root cause (content, list quality, configuration, behaviour).
• Cure plan with concrete remediation steps and a timeline.
• Coordinated delisting submission with documented evidence, typically resolved in 7-14 days.

A customer who refuses to engage with the cure plan, or whose listing is the result of a clearly-excluded activity (section 2), is terminated rather than supported through delisting.

6. Engagement with law enforcement

We respond to valid legal process from courts of competent jurisdiction. We do not respond to informal requests, "voluntary" intelligence-sharing arrangements, or letters of intent that lack judicial backing.

For categorical exclusions in section 2, we cooperate fully and proactively with investigating authorities, regardless of the requesting jurisdiction. The privacy commitments in our Privacy Policy do not extend to operations falling within those categories.

For all other categories, the procedures in our Privacy Policy apply: foreign court orders require domestication, civil discovery proceeds through the courts, customers are notified where notification is legally permitted.

7. Enforcement procedure

AUP enforcement follows a tiered approach proportional to the severity of the issue:

• Informational notice: for first-time minor issues that do not put the network at risk. Sent via Telegram; no service impact.
• Warning with cure period: for moderate issues. The cure period is typically 24 to 72 hours, proportional to severity.
• Suspension pending review: for serious or repeated issues, or for any issue that puts the broader network at material risk. Service is restored if the customer demonstrates the issue is fixed.
• Immediate termination: for categorical exclusions (section 2), confirmed legal violations, or behaviour that has already caused damage to third parties or to our network.

We document our enforcement decisions internally and apply them consistently. We do not selectively enforce based on payment history, customer size, or referral source.

8. Disputes about AUP enforcement

Customers who believe an enforcement action was applied incorrectly can dispute it through the standard support channels. Disputes are reviewed by senior engineering rather than by the operator who made the initial decision, and we explain our reasoning in writing on request.

We try to resolve every dispute through Telegram or ticket conversation. The vast majority of AUP enforcement disputes turn out to be misunderstandings about the underlying issue. When both sides have the same picture of the facts, the right answer is usually obvious.

9. Bulk-sender compliance under 2026 receiver enforcement

Customer infrastructure used for bulk email sending (defined as 5,000 or more daily messages to personal Gmail or Yahoo accounts) must comply with the authentication and complaint-rate requirements that became enforceable through 2025 and 2026. Gmail moved from soft enforcement to outright SMTP-level rejection in November 2025 for senders failing authentication or exceeding the 0.3% complaint-rate ceiling. Microsoft completed equivalent enforcement by April 30, 2026 with 550 5.7.515 rejections on non-compliant bulk mail to consumer Outlook properties. The structural reality is that non-compliant bulk sending no longer produces spam-folder placement; it produces hard rejections that prevent the mail from reaching the receiver at all.

Customers using our infrastructure for bulk sending must operate with SPF, DKIM, and DMARC fully configured and aligned, must process feedback loop complaints and suppress complainants within 24 hours, must maintain complaint rates below 0.3% sustained and below 0.1% as a target, must include functional one-click unsubscribe headers (List-Unsubscribe with List-Unsubscribe-Post for HTTP-based opt-out), and must honour unsubscribe requests within 48 hours. Sustained operation above the 0.3% complaint threshold triggers throttling at the receiver and is grounds for suspension on our side if the customer fails to address it within the cure window.

We do not enforce these as bureaucratic compliance requirements; we enforce them because non-compliance damages the IP and domain reputation that the customer paid us to build. A customer operating above the complaint ceiling is not just risking receiver-side enforcement, they are degrading the infrastructure their next campaign will depend on. The AUP requirement formalises what is already the operational reality of running sustainable bulk email.

10. Cold outreach and B2B sending

Cold outreach to business email addresses (B2B contact databases, scraped LinkedIn data, purchased contact lists) is a permitted use case on our infrastructure, with conditions. The conditions exist because cold outreach is structurally different from opt-in marketing: complaint rates are higher (typically 0.2-0.4% versus 0.05-0.1% for opted-in lists), engagement signals are weaker, and receiver-side tolerance for cold outreach has tightened through 2025-2026 as senders have collectively pushed volume that exceeded what the channel could absorb sustainably.

Operational requirements for cold outreach on our infrastructure: per-mailbox volume below 50 daily during steady-state operation (after initial warmup), per-domain volume below 350 daily aggregate across mailboxes, complaint rate below 0.4% sustained, bounce rate below 5% sustained (which is higher than for opt-in sending because cold contact data quality is structurally lower), functional reply handling because receivers weight reply engagement, and clean opt-out processing within 48 hours of request. The subdomain rotation entry in our wiki documents the architectural patterns that satisfy these constraints at scale.

Cold outreach campaigns that violate these operational constraints damage IP and domain reputation faster than other sending patterns because the underlying signal mix is closer to the receiver-side spam classification thresholds. We monitor cold outreach customers more actively than opt-in marketing customers for this reason, and we will reach out to customers approaching the operational thresholds before they cross them. Customers who repeatedly approach or cross the thresholds despite warnings are subject to the suspension procedures described elsewhere in this AUP.

11. Workloads other than email

Our infrastructure hosts workloads other than email sending, including web hosting, application servers, file distribution, streaming, gaming, crypto nodes, and Tor hidden services. The AUP categorical exclusions (section 2) apply to all workload types. Operational considerations specific to non-email workloads include: bandwidth allocation per service tier (documented in the service catalogue), abuse-handling procedures for content hosting (DMCA notices are forwarded informationally without action absent local court order; abuse reports for specific content are investigated against the categorical exclusions), and resource-isolation enforcement on shared VPS infrastructure (sustained noisy-neighbour behaviour triggers consultation about migrating to dedicated infrastructure).

Specific non-email workload categories that we host with no additional restrictions beyond the categorical exclusions: legitimate business websites in any industry that is legal in the hosting jurisdiction, application backends and APIs, file sharing platforms that do not host illegal content, streaming infrastructure for legitimate content, gaming server infrastructure, cryptocurrency node operation (Bitcoin Core, Lightning Network, Monero, Ethereum, and others), Tor hidden services and onion mirror operation, VPN provider infrastructure for legitimate VPN services. Workloads in these categories are treated identically to email infrastructure under this AUP, with the categorical exclusions applying uniformly.

12. Changes to this policy

We update this AUP when material changes occur. The effective date is shown at the top of the document. Substantial changes are announced via the customer Telegram channel at least 30 days before they take effect, giving customers the opportunity to terminate before the change becomes binding.

13. Contact

Questions about this AUP, requests for clarification of specific clauses, or appeals of enforcement decisions are addressed via:

• Telegram: anonymousserverhosting, fastest channel, median response 12 minutes.
• Ticket: open a ticket at /contact/, answered within 4 hours during operating hours.