Anti-Spam Policy

This Anti-Spam Policy sets out the rules applicable to the sending of emails (transactional, promotional, bulk) through services provided by Rollin Host, including hosting plans with SMTP, corporate email, VPS with a mail server, and any channel originating messages from our infrastructure or from domains under our DNS management.

Rollin Host maintains a zero-tolerance stance on spam: we are signatories to the principles of the MAAWG (Messaging Anti-Abuse Working Group) and follow international best practices (CAN-SPAM Act, GDPR, LGPD).

• Spam: a commercial message sent in bulk without the prior, express and specific consent of the recipient.
• Opt-in: the act by which the recipient expressly authorizes the receipt of messages from a brand/sender.
• Double opt-in: email confirmation (confirmation link) after the initial opt-in. Recommended standard.
• Opt-out: the act by which the recipient withdraws prior authorization. Must be honored within 72 hours.
• Dirty list: a list of email addresses purchased, rented, scraped or obtained without consent. Prohibited.
• Bounce: rejection of the email by the recipient server.
• Reputation: score assigned by providers (Gmail, Outlook, etc.) to the sending IP/domain.

The Customer undertakes to:

1. Send messages only to recipients who have granted express consent specifically to receive communications of that nature.
2. Maintain an auditable record of consent (date, time, IP address, form, content of the checked box).
3. Clearly identify itself as the sender (name, company name, tax ID, physical address).
4. Accurately indicate the nature of the message (transactional, promotional, newsletter).
5. Provide an opt-out mechanism that is visible, free of charge and actionable in 1 click in every promotional message.
6. Process opt-outs within 72 hours.
7. Not send to recipients who have flagged a spam complaint or triggered a hard bounce.

Every recipient must have granted express consent to receive emails. The following are prohibited:

• Lists that are purchased, rented, inherited through merger/acquisition without a new opt-in, or scraped (scraped) from public websites, social networks or LinkedIn.
• Lists obtained at conferences, trade shows or events without express and specific opt-in for the type of message.
• Registrations via co-registration without double confirmation.
• Lists generated by email harvesters, scrapers or combinatorial address generators.

We strongly recommend using double opt-in (confirmation link in the first email). It reduces spam complaints by up to 70% and protects your domain reputation.

The limits below apply to plans without a dedicated SMTP upgrade:

For higher volumes or bulk sending (legitimate campaigns with opt-in lists), the Customer must engage a specialized ESP (Amazon SES, Mailgun, Resend, SendGrid) or request a dedicated SMTP plan at juridico@rollinhost.com.br.

For domains sending more than 50 emails per day via Rollin Host, configuring the following is mandatory:

• SPF (Sender Policy Framework) — a TXT record authorizing the IPs/services allowed to send on behalf of the domain.
• DKIM (DomainKeys Identified Mail) — a cryptographic signature applied to outbound emails.
• DMARC (Domain-based Message Authentication, Reporting & Conformance) — a policy for handling messages that fail SPF/DKIM, with a reporting address.

Since February 2024, Gmail and Yahoo have required SPF + DKIM for any sender dispatching more than 5,000 emails per day, and DMARC with a minimum policy of p=none. Non-compliant messages are rejected or marked as spam by recipient servers — beyond Rollin Host control.

Step-by-step guides are available at /docs/painel/email-imap-smtp.

The following are strictly prohibited:

1. Sending messages with deceptive content in the subject, sender or body (From, Subject and Reply-To must be accurate).
2. Forging headers (From, Return-Path, Received) or using third-party domains without authorization.
3. Sending phishing, fraud, advance-fee scams, fake invoices, government impersonation, etc.
4. Distributing malware or links leading to malicious websites.
5. Sending to recipients who have unsubscribed, filed a spam complaint or appear on suppression lists.
6. Sending messages with a disproportionate rate of spam complaints (above 0.3%) or hard bounces (above 5%).
7. Operating bulk mailing services (mass sending provider for third parties) on plans that do not explicitly include that authorization.
8. Hosting email lists for sale, rental or transfer.

Rollin Host actively monitors:

• Sending volume and patterns in real time.
• Feedback loops from major providers (Gmail, Microsoft, Yahoo, AOL, UOL).
• Inclusion of our IPs on public blocklists (Spamhaus SBL/CSS/XBL, Barracuda, SORBS, Senderbase, etc.).
• Abuse reports received at abuso@rollinhost.com.br or /reportar-abuso.

If a Rollin IP is placed on a blocklist due to the Customer, the Customer is responsible for all remediation costs (delisting fees, potential migration to a new IP) and for any damages caused to other customers sharing that IP.

Applicable cumulatively according to severity:

1. Warning and remediation within 24 hours (first minor violation).
2. Temporary suspension of email sending (1-7 days).
3. Immediate suspension with no set end date, in cases of phishing, mass spam or critical blocklist listing (Spamhaus SBL).
4. Forced migration to isolated outbound SMTP (technical penalty to protect the reputation of other customers).
5. Contract termination without refund and block on future sign-ups.
6. Recovery of damages from the Customer (delisting fees, reputation loss) and from third parties harmed.
7. Reporting to authorities in cases of fraud, phishing or cybercrime.

If the Customer is a reseller (reseller plans) or hosts multiple sites/clients:

• It must pass this Anti-Spam Policy on to its end customers.
• It is jointly and severally liable for violations committed by its end customers, without prejudice to its right of recourse.
• It must maintain an abuse reporting mechanism and respond within 24 hours to complaints from Rollin Host.

• Report spam: abuso@rollinhost.com.br or /reportar-abuso
• Technical questions (SPF/DKIM/DMARC): tickets through the control panel
• Negotiate a dedicated SMTP plan: juridico@rollinhost.com.br