trustyourinbox
← All legal

Acceptable Use Policy

Last updated: 2026-04-29

This Acceptable Use Policy is part of our Terms of Service. It describes what kinds of use are allowed (and what aren't) on trustyourinbox. We keep it short.

Domain ownership

Only monitor domains you own or have explicit written authorization to monitor. This is the foundational rule. Adding a domain you don't control is a violation, even if the domain doesn't currently use DMARC. We may suspend accounts that we have reasonable grounds to believe are monitoring domains without authorization.

Prohibited uses

You may not use trustyourinbox to:

  • Send phishing, spam, malware, or any unsolicited bulk email. The service is for inbound monitoring of DMARC reports, not for sending. But your use of the broader email ecosystem in connection with this account is subject to this rule.
  • Operate phishing, fraud, or impersonation infrastructure. Including domains that exist primarily to impersonate other brands.
  • Distribute illegal goods or services (controlled substances, weapons where prohibited, stolen credentials, etc.).
  • Host or distribute child sexual abuse material (CSAM). Zero tolerance, immediate termination, reported to authorities.
  • Run classic crypto scams (rug pulls, fake giveaways, address-poisoning, impersonating exchanges).
  • Reverse engineer, scrape, or attempt to bypass plan limits, rate limits, the AUP gate, or any other technical control.
  • Create multiple free-tier accounts to bypass per-account caps.
  • Automate the public tools (DMARC audit, SPF tester, DKIM verifier) beyond what reasonable manual use looks like. The free tier is rate-limited at 10 checks per IP per hour; coordinated automation across IPs to evade this is a violation.
  • Use the service to harass, defame, or harm any person or organization.
  • Probe for security vulnerabilities without explicit written authorization. We welcome responsible disclosure — see Security below.

The AUP gate

When you add a domain, we run a content classifier against the public homepage to catch unambiguous violations (phishing brand impersonation, illegal-goods marketplaces, explicit CSAM/adult, classic crypto scams). The gate defaults to safe — only clearly-violating content is blocked. Email-only domains, subdomains, brand-new domains, internal hosts, and parked sites are all allowed through. The gate is a backup to your own commitment to honest use, not a replacement for it.

Reporting abuse

If you've discovered a domain on the platform being used in violation of this AUP, report to dmistry@yourhostdirect.com with subject line [abuse]. Include the domain in question and a brief description. We respond within 48 hours.

Reporting security vulnerabilities

Responsible-disclosure reports go to the same address with subject [security]. We don't run a paid bug bounty yet, but we credit researchers in our security page if you'd like that, and we won't pursue legal action against good-faith researchers who follow standard responsible-disclosure norms (don't exfiltrate data, don't disrupt service, give us reasonable time to fix before disclosure).

Enforcement

We may issue a warning, suspend the account, terminate the account, refuse refunds, or report violations to law enforcement, depending on the severity of the violation. For most violations we'll start with a warning. For severe violations (CSAM, active phishing, fraud), we'll terminate without warning.

Changes

We may update this AUP. Material changes get email notice with reasonable advance time.

See also: Terms of Service · Privacy Policy · Security.