Skip to content
Sendora
Create account
Legal

Acceptable Use Policy

What you can and can't send through Sendora. These rules protect recipients, our sending reputation, and every other customer on the platform. Violations may result in immediate suspension. Last updated 2026-04-19.

You must not use Sendora to send

Unsolicited bulk email (spam). Every recipient on any list you import must have affirmatively opted in. Purchased, scraped, or appended lists are prohibited.

Phishing, impersonation, or fraud. Messages pretending to originate from a brand or individual you don't represent, or that attempt to harvest credentials, payment details, or other sensitive information.

Malware, exploits, or links to sites hosting either.

Content that is illegal in the jurisdictions of the sender or recipient, including content that infringes copyright, trademark, or privacy rights.

Pornographic content addressed to recipients who have not affirmatively opted in to receive it.

Content promoting violence, self-harm, terrorism, or discrimination against protected classes.

Compliance requirements

Marketing and promotional messages must comply with CAN-SPAM (US), CASL (Canada), GDPR (EU/EEA), and any other applicable laws. This includes a physical mailing address, a clear sender identity, and a working unsubscribe mechanism in every message.

Sendora automatically injects a RFC 8058 one-click unsubscribe footer on any message sent with category "broadcast". Do not attempt to strip, obscure, or override this footer.

Recipient unsubscribe requests are honored within one business day across all of your future sends via Sendora. Our suppression list is enforced at the API layer and cannot be bypassed by customer code.

Bring Your Own Domain (BYOD) is required for the Email module, workflow email steps, and broadcasts. You send from a domain you own; you are responsible for the reputation of that domain.

Rate and volume

Sending is subject to per-plan quotas (see pricing) and a short-term burst cap of 60 sends per minute per organization. New organizations are placed in a 30-day probation period with tighter limits and no broadcast category.

Sustained bounce rate above 5% or complaint rate above 0.1% over any 24-hour window triggers an automated review of your account. Repeat incidents lead to suspension.

How we respond to violations

On first violation: we may pause sending, add affected recipients to your suppression list, and contact you for remediation.

On repeat or severe violations: we terminate the account and notify AWS SES (our upstream provider). We preserve evidence for legal response where applicable.

We do not notify senders in advance of enforcement actions for phishing, fraud, or abuse clearly in bad faith.

Reporting abuse

Email abuse@sendoracloud.com with the full message including headers ("Show original" in Gmail, "View Source" in most clients). We acknowledge reports within 24 hours.

Security vulnerabilities should be reported via /security.txt or security@sendoracloud.com; we follow coordinated disclosure.