Acceptable Use Policy.

1. Purpose

This Acceptable Use Policy ("AUP") establishes the rules and guidelines governing the use of the SpoofWard Platform by MSP Partners and their Clients. The purpose of this policy is to ensure that all users of the Platform engage in fair, safe, and legal activities that do not compromise the security, performance, or reputation of SpoofWard or its community of Partners and Clients.

This AUP is incorporated into and forms part of the MSP Partner Agreement between T&C Technologies LTD (trading as SpoofWard) and the Partner. By accessing or using the Platform under an MSP Plan, you acknowledge that you have read, understood, and agree to comply with this AUP.

SpoofWard reserves the right to enforce this AUP at its sole discretion and to take action against any Partner or Client whose activities are found to violate these guidelines.

2. Permitted Use

The SpoofWard Platform is designed to be used for the following legitimate purposes:

• Email Security Monitoring: Monitoring and analyzing DMARC aggregate and forensic reports, SPF/DKIM alignment, and email authentication posture for domains that the Partner or their Clients own or are authorized to manage.
• DNS Health Checking: Scanning and monitoring DNS records (SPF, DKIM, DMARC, MX, TLS-RPT, BIMI) for correctness, completeness, and compliance with best practices.
• DMARC Analysis & Reporting: Ingesting, parsing, visualizing, and reporting on DMARC data to improve email deliverability and protect against spoofing and phishing threats.
• Client Management: Using the multi-tenant MSP dashboard to onboard, configure, monitor, and manage Client accounts and domains.
• Threat Detection: Identifying unauthorized email senders, spoofing attempts, domain impersonation, and other email-based threats targeting monitored domains.
• API Integration: Using the SpoofWard API within the rate limits and terms of your MSP Plan to integrate Platform data and functionality into your own tools, dashboards, and workflows.
• White-Label Services: Rebranding and presenting the Platform under your own brand identity to your Clients, as permitted by your MSP Plan tier.

3. Prohibited Activities

The following activities are strictly prohibited when using the SpoofWard Platform. Engaging in any of these activities may result in immediate enforcement action, including suspension or termination of your account:

• Spamming or Facilitating Spam: Using the Platform, its data, or its tools to send, facilitate, or support the sending of unsolicited bulk email (spam), including using DMARC insights to improve the deliverability of spam campaigns.
• Phishing and Unauthorized Testing: Sending phishing emails, conducting social engineering attacks, or performing email spoofing tests against domains that you do not own or for which you do not have explicit written authorization from the domain owner.
• Bypassing Platform Security: Attempting to circumvent, disable, or interfere with any security features, rate limits, access controls, or authentication mechanisms of the Platform, including but not limited to brute-force attacks, credential stuffing, or session hijacking.
• Reverse Engineering: Decompiling, disassembling, reverse engineering, or attempting to derive the source code, algorithms, or underlying structure of the Platform, its software, or its API, except to the extent expressly permitted by applicable law.
• Unauthorized Reselling: Reselling, redistributing, or providing access to SpoofWard Services to third parties without an active MSP subscription. Only Partners with a valid MSP Plan are authorized to resell the Services.
• Malicious Content: Using the Platform to store, transmit, process, or distribute any malicious content, including malware, viruses, ransomware, trojans, worms, or any other harmful software or code.
• Excessive Data Extraction: Using bots, scrapers, crawlers, or automated tools to extract, harvest, or collect data from the Platform beyond the limits of the provided API and your plan's rate limits. This includes screen scraping, data mining, and automated bulk downloads.
• Impersonation: Impersonating SpoofWard staff, support agents, or representatives, or misrepresenting your affiliation with SpoofWard in any manner not authorized by the MSP Partner Agreement.
• Illegal Activities: Using the Platform for any purpose that violates applicable local, national, or international laws or regulations, including but not limited to data protection laws, export control regulations, and anti-money laundering statutes.
• Interference with Service: Taking any action that imposes an unreasonable or disproportionately large load on the Platform's infrastructure, disrupts or interferes with the proper functioning of the Platform, or negatively affects other users' experience.
• Unauthorized Access: Accessing or attempting to access accounts, data, systems, or networks that you are not authorized to access, including other Partners' accounts, Client accounts not under your management, or SpoofWard internal systems.

4. Client Responsibilities

As an MSP Partner, you bear responsibility for ensuring that your Clients comply with this Acceptable Use Policy when using the Platform through your Partner account. Specifically:

• You must communicate the terms of this AUP to your Clients and ensure they understand and agree to abide by these guidelines.
• You must include appropriate acceptable use terms in your own agreements with your Clients that are at least as restrictive as this AUP.
• You are responsible for monitoring your Clients' usage patterns and taking prompt action to address any suspected violations.
• If you become aware of any Client activity that violates this AUP, you must immediately take steps to stop the violating activity and notify SpoofWard at [email protected].
• SpoofWard reserves the right to suspend or terminate individual Client accounts under your management if those accounts are found to be in violation of this AUP, with or without prior notice to the Partner, depending on the severity of the violation.
• Repeated AUP violations by your Clients may be considered a breach of the MSP Partner Agreement and may result in enforcement action against your Partner account.

5. Resource Limits

Each MSP Plan includes specific resource allocations and usage limits designed to ensure fair access to the Platform for all Partners. You agree to respect and operate within these limits:

• API Rate Limits: Each MSP Plan tier has defined API rate limits (requests per minute and requests per day). These limits are documented in your plan details and in the API documentation. Exceeding these limits will result in throttled responses (HTTP 429) and may trigger a review of your account.
• Domain and Scan Limits: Each plan tier specifies the maximum number of domains and the frequency of scans available. You may not exceed these limits without upgrading to a higher plan tier.
• Shared Resources: The Platform operates on shared infrastructure. You must not engage in activities that consume a disproportionate share of system resources (CPU, memory, bandwidth, storage) to the detriment of other users. Examples of abusive resource consumption include running continuous bulk scans, making concurrent API requests far in excess of your rate limits, or storing excessive data beyond your plan's allocation.
• Fair Use: Even within your plan's stated limits, SpoofWard reserves the right to throttle or restrict usage that we determine, in our reasonable judgment, to be abusive or detrimental to the Platform's performance for other users. We will notify you before taking such action and work with you to find a suitable resolution.

6. Abuse Reporting

SpoofWard takes reports of platform abuse seriously and encourages all Partners and users to report suspected violations of this AUP. To report abuse:

• Send an email to [email protected] with a detailed description of the suspected abuse.
• Include any relevant evidence, such as screenshots, logs, URLs, timestamps, and the account or domain involved.
• SpoofWard will acknowledge receipt of the report within two (2) business days and will investigate the matter promptly.
• Reports may be submitted anonymously. However, providing contact information allows us to follow up with you regarding the outcome of the investigation.
• SpoofWard will not retaliate against any Partner or user who reports a suspected violation in good faith.
• False or malicious abuse reports submitted with the intent to harm another Partner or user may themselves constitute a violation of this AUP.

7. Enforcement Actions

SpoofWard reserves the right to take enforcement action against any Partner or Client found to be in violation of this AUP. Enforcement actions are proportional to the severity and frequency of the violation and may include:

Warning

For a first minor violation, SpoofWard will issue a written warning via email, identifying the specific violation and requesting that the Partner take corrective action. The Partner will be given a reasonable timeframe (typically 7 days) to resolve the issue and confirm compliance.

Temporary Suspension

For repeated minor violations, moderate violations, or failure to resolve a previously warned issue, SpoofWard may temporarily suspend the Partner's account and all associated Client accounts. During suspension, access to the Platform will be restricted. The Partner will be notified of the suspension, the reason for it, and the steps required to reinstate the account. Suspension periods typically range from 24 hours to 30 days, depending on the nature and severity of the violation.

Permanent Termination

For severe violations, illegal activity, or continued violations after temporary suspension, SpoofWard may permanently terminate the Partner's account and all associated Client accounts. Permanent termination may be executed immediately and without prior warning in cases where the violation poses an immediate threat to the Platform, other users, or the public. The Partner will be notified of the termination and the reason for it.

No Refund for AUP Violations

If a Partner's account is terminated due to a violation of this AUP, no refund of any kind will be issued for any prepaid fees, including subscription fees, setup fees, or any other charges. This applies regardless of the remaining time on the Partner's subscription or billing period.

8. Monitoring

SpoofWard may monitor usage patterns and system activity on the Platform for the purpose of detecting, preventing, and responding to abuse, security threats, and violations of this AUP. The following terms govern monitoring activities:

• Automated Monitoring: SpoofWard employs automated systems to monitor for unusual usage patterns, excessive resource consumption, rate limit violations, and other indicators of potential abuse. These systems generate alerts for review by SpoofWard's operations team.
• No Content Inspection: SpoofWard does not inspect the content of DMARC reports, emails, or other data processed through the Platform for purposes of AUP enforcement. Monitoring is limited to metadata, usage patterns, system logs, and resource consumption metrics.
• Security Monitoring: SpoofWard monitors for unauthorized access attempts, vulnerability exploitation, and other security-related events. This monitoring is essential for maintaining the integrity and security of the Platform for all users.
• Data Handling: Any data collected through monitoring activities is handled in accordance with SpoofWard's Privacy Policy and applicable data protection laws. Monitoring data is used solely for the purposes described in this section and is not shared with third parties except as required by law.
• Transparency: If SpoofWard takes enforcement action based on monitoring data, the Partner will be informed of the general nature of the violation detected. SpoofWard may not disclose specific monitoring techniques or thresholds, as doing so could compromise the effectiveness of our abuse detection systems.

9. Modifications

SpoofWard reserves the right to modify this Acceptable Use Policy at any time. For material changes that affect the obligations or rights of Partners, we will provide at least thirty (30) days' written notice via email to the Partner's registered contact address before the changes take effect.

The updated AUP will be posted on the SpoofWard website with a revised "Last Updated" date. Partners are encouraged to review this AUP periodically to stay informed of any changes.

Non-material changes, such as clarifications, formatting updates, or additions to the list of examples that do not change the substance of existing rules, may be made without prior notice.

Your continued use of the Platform after the effective date of any modifications constitutes your acceptance of the updated AUP. If you do not agree with the modified terms, you must cease using the Platform and terminate your MSP subscription before the changes take effect.

10. Contact