This Acceptable Use Policy (“AUP”) governs your use of the Defrost service. It exists to keep our customers compliant with anti-spam and consumer-protection law, to protect the deliverability of the broader mail ecosystem, and to give us a clear footing to suspend accounts that abuse the platform. By using Defrost, you agree to this AUP. Continued use after a policy update constitutes acceptance of the updated terms.
1. Cold-email compliance
Defrost is a B2B cold-outreach platform. As a customer, you represent and warrant that:
- Every recipient on every list you upload, import, or generate via Defrost is a legitimate B2B contact — a real person at a real business with a plausible business reason to receive your outreach.
- Your outreach complies with the laws of the jurisdictions where your recipients are located, including but not limited to:
- CAN-SPAM Act (United States) — accurate identification, valid postal address, functional unsubscribe
- CASL (Canada) — implied or express consent, identification, unsubscribe
- UK PECR + UK GDPR — soft-opt-in footing for B2B, unsubscribe, identification
- EU ePrivacy Directive + GDPR — legitimate-interest balancing, transparency, unsubscribe
- Australia Spam Act 2003 — consent (express or inferred), identification, functional unsubscribe
- You honour every unsubscribe request within the time the applicable law requires (10 business days under CAN-SPAM; Defrost auto-enforces immediate suppression).
- You will not bypass, disable, or attempt to defeat the platform's unsubscribe enforcement, bounce-rate auto-pause, or rate-limit controls.
2. Prohibited content
You may not use Defrost to distribute, link to, or solicit any of the following:
- Malware, ransomware, spyware, or any malicious code
- Phishing, credential harvesting, or impersonation of any individual, brand, or institution
- Fraudulent schemes, including but not limited to pyramid schemes, advance-fee fraud, fake-invoice scams, romance scams, or any conduct designed to deceive recipients into transferring money or credentials
- Promotion of illegal goods or services (controlled substances, illegal weapons, prohibited gambling, counterfeit goods, etc.)
- Hate speech, harassment, threats, doxxing, or any content that targets a protected class
- Sexually explicit material, content involving minors, or any non- consensual content
- Disinformation campaigns, election interference, or coordinated inauthentic behaviour
- Misleading subject lines, deceptive sender identity, or any technique designed to evade spam filters or hide the true nature of the communication
3. Prohibited targeting
You may not target the following recipients:
- Minors (any recipient under the age of majority in their jurisdiction, generally under 18; under 13 absolutely prohibited)
- Anyone on a suppression list— yours, ours, or a regulatory list (e.g., the FTC's DNC registry equivalent for email where it exists, the German Robinson List, etc.)
- Anyone who has unsubscribed from any of your prior campaigns, regardless of channel
- Spam-trap addresses or honeypots (intentional or otherwise — your list hygiene is your responsibility)
- Government, military, or .edu addresseswhere doing so would be a violation of the recipient organisation's acceptable use rules
4. Rate limits
Defrost enforces per-account daily send caps designed to protect both your sending reputation and the broader ecosystem:
- Warm mailboxes: up to 50 sends per day per connected mailbox (default; configurable lower)
- Mailboxes in warmup: up to 20 sends per day, ramping up over the warmup window
- Send pacing: 45-120 second randomised delay between sends per mailbox to mimic human behaviour
- Bounce-rate auto-pause: any campaign exceeding a 5% bounce rate over a rolling window is automatically paused pending review
- Spam-complaint auto-pause: any campaign generating a spam-complaint rate above industry-standard thresholds is automatically paused
Attempts to circumvent these limits — by, e.g., spinning up shell mailboxes, rotating accounts, or rapidly re-uploading suppressed contacts — will result in immediate suspension under §6 below.
5. Sending-reputation hygiene
- Your sending domain must have valid SPF, DKIM, and DMARC records before Defrost will permit sending. Our onboarding flow walks you through this.
- You are responsible for monitoring your own domain reputation (Google Postmaster Tools, Microsoft SNDS).
- If your sending domain is listed on a major blocklist (SpamHaus, etc.) we may pause your sending until the listing is resolved. See
docs/runbooks/RUNBOOK-blocklist-delisting.md. - Managed sending domains (done-for-you): if you use a Defrost-managed sending domain, Defrost provisions the SPF/DKIM/DMARC records and manages inbox warmup and reputation on the dedicated domain for you — but your obligations for content, targeting, volume, and lawful basis in this policy still apply in full. Sustained high complaint or bounce rates on a managed domain can trigger an automatic reputation pause of that domain (and, in severe cases, of the shared relay) to protect deliverability for all customers.
6. Termination & suspension
- Severe violations — phishing, malware, fraud, content involving minors, content targeting a protected class — will result in immediate account suspension and, where appropriate, referral to law enforcement.
- Moderate violations — exceeding bounce/complaint thresholds, repeated list-hygiene failures, isolated CAN-SPAM violations — will result in a 7-day notice, an opportunity to cure, and suspension if the violation is not cured.
- Minor violations — one-off misconfigurations, accidental misuse — will be flagged via in-app notification with guidance on how to fix.
- Suspended accounts retain access to their data for 30 days for export, after which data is purged per our retention policy.
7. Reporting abuse
If you believe a Defrost customer is violating this AUP — sending you spam, phishing you, or otherwise misusing the platform — report it immediately:
- Email: abuse@defrostmail.com (24- hour SLA per ICANN requirements)
- Include: the offending email (with full headers), the sending domain, and any other context. We will investigate and take action under §6 if substantiated.
8. Customer agreement
By using Defrost, you agree to this AUP. We may update this AUP from time to time; the “Last updated” date at the top of this page reflects the most recent revision. Continued use of the service after a revision constitutes acceptance of the updated AUP. Material changes will be notified to your account's primary contact via email at least 30 days in advance.
9. Relationship to other policies
- Terms of Service — the master agreement between you and Defrost
- Privacy Policy — how we handle personal data
- Data Processing Agreement — for customers requiring a signed DPA
- Security — our security posture and compliance footing
- Sub-processors — the third parties that touch your data
10. Contact
- Questions about this AUP: hi@defrostmail.com
- Abuse reports: abuse@defrostmail.com
- Security disclosures: security@defrostmail.com