Email Compliance
Last updated: April 11, 2026
Anti-Spam by Default
Mailsflux enforces anti-spam best practices at the infrastructure level. All sending domains must pass SPF, DKIM, and DMARC verification before mail can be sent. Accounts with complaint rates exceeding 0.1% are automatically flagged for review.
SPF / DKIM / DMARC
Every sending domain on Mailsflux is required to publish valid SPF and DKIM records, and we strongly recommend enabling a DMARC policy of at least p=quarantine. Our dashboard provides a step-by-step DNS setup wizard and a real-time compliance checker.
GDPR Compliance
Mailsflux is designed to help you comply with GDPR. We provide Data Processing Agreements (DPAs) for all customers, support data deletion request APIs, and allow you to configure data residency for EU data. We never process recipient personal data for any purpose other than delivery.
CAN-SPAM & CASL
Our platform enforces CAN-SPAM requirements for commercial email: every marketing message must include a physical mailing address and a functional unsubscribe mechanism. Unsubscribe requests are processed within 10 business days. Canadian senders benefit from CASL-compliant consent tracking.
Bounce & Complaint Management
Mailsflux automatically processes hard bounces and spam complaints received from major ISPs via feedback loops. Hard-bounced addresses are suppressed globally within your account. If your complaint rate exceeds 0.08%, you will receive an automated alert — at 0.1% your account is reviewed.
IP Warm-up & Reputation
New sending IPs are automatically warmed up using a scheduled ramp — starting at 100 emails/day and increasing over 14 days. This protects your domain reputation from day one. Dedicated IP pools are available on Growth and Enterprise plans for senders with consistent volume.
Compliance FAQ
Do I need consent to send email through Mailsflux?
For transactional email (receipts, password resets, order confirmations), consent is implied by the user completing the relevant action. For marketing or promotional email, you must have explicit opt-in consent from your recipients. Mailsflux provides tools to help you manage consent records.
How does Mailsflux handle GDPR for email recipients?
Mailsflux acts as a data processor for recipient email addresses and engagement data. You are the data controller. We provide a DPA upon request, support data deletion via API, and offer EU data residency for Enterprise customers. We never use recipient data for any purpose other than delivery.
What happens if my domain gets blocklisted?
Mailsflux monitors your sending domains against major blocklists in real time. If a blocklisting is detected, you are notified immediately via email and in-dashboard alert. Our deliverability team can assist with remediation steps and delisting requests.
Can I send physical mail internationally?
Yes. Mailsflux Physical Mail API supports delivery to 180+ countries via carrier partners including DHL and FedEx. You are responsible for ensuring that the content of physical mail complies with the postal regulations of the destination country.
How do I get a Data Processing Agreement (DPA)?
All customers can download our standard DPA from the compliance section of the dashboard. Enterprise customers can request a custom DPA by contacting [email protected]. The DPA covers processing of recipient personal data and is GDPR-compliant.
What is your policy on purchased email lists?
Mailsflux prohibits the use of purchased, rented, or harvested email lists. All recipients must have explicitly opted in to receive communications from you. Using bought lists is a violation of our Terms of Service and will result in account suspension.
Compliance Contact
For compliance-related questions, email [email protected]. To report abuse, contact [email protected].