Legal
Anti-Spam & Acceptable Use Policy
AgentleBots (operating name; see Section 9 for sender identification) Website: agentlebots.com Effective Date: July 5, 2026 Last Updated: July 5, 2026
1. Position & Scope
AgentleBots maintains a zero-tolerance policy toward unsolicited bulk email that violates applicable law or the standards set out below. This policy governs:
- All outreach AgentleBots sends under its own name — prospecting to niche-specialist contingent recruitment agencies to sell the MPC Showcase and candidate-sourcing engagement as services.
- All outreach AgentleBots initiates, drafts, sends, or manages on behalf of a client, including outreach sent under the client's own brand, domain, and mailbox identity. This covers both the MPC Showcase model (marketing a client agency's candidates to hiring managers) and the candidate-sourcing engagement (outreach conducted to source and engage candidates on the client's behalf). This accounts for the majority of AgentleBots' sending volume and is fully in scope.
Under the CAN-SPAM Act, liability attaches both to the business whose product or service is promoted and to whoever initiates the message. Engaging an agency to send on a business's behalf does not relieve either party of liability. AgentleBots is an initiator on every client campaign it runs, regardless of whose brand appears in the message header, and this policy governs AgentleBots' conduct on every email it causes to be sent — not only email bearing the AgentleBots name.
Any contractor or subcontractor engaged by AgentleBots is bound by this policy as a condition of performing that work.
2. Definitions
- Spam — Unsolicited bulk commercial email sent without a legitimate opt-out mechanism, sent to addresses obtained through harvesting, scraping, purchase, or rental, or sent in violation of applicable law.
- Commercial Email — Any electronic message whose primary purpose is the commercial advertisement or promotion of a product, service, or candidate/role opportunity, as defined under the U.S. CAN-SPAM Act (15 U.S.C. § 7701 et seq.). Whether an MPC Showcase email — marketing a candidate to a hiring manager — meets CAN-SPAM's literal "product or service" language has not been definitively settled by courts or FTC guidance. This policy treats every MPC Showcase email as commercial email and applies the full compliance standard set out below, regardless.
- Lawful Basis for Contact — This policy addresses lawful-basis requirements separately
by jurisdiction, since CAN-SPAM, CASL, and GDPR/UK GDPR do not share a common legal standard for
contacting a recipient:
- United States (CAN-SPAM): No consent is required. CAN-SPAM is an opt-out regime — a first commercial email may be sent to a recipient with no prior relationship, provided every other requirement below is met (accurate headers, honest subject line, physical address, working opt-out, honored opt-out).
- Canada (CASL): Implied consent only, on one of two bases — an existing business relationship, or a conspicuously published business email address where the message is relevant to the recipient's role. No blanket basis to contact Canadian recipients exists outside these two categories.
- EU/UK (GDPR/UK GDPR): Legitimate interest under Article 6(1)(f) — a distinct legal basis from consent, requiring a documented balancing test weighing the sender's interest against the recipient's rights and reasonable expectations. In practice, AgentleBots maintains documented, target-specific research for every prospective recipient prior to outreach, establishing the factual basis for why the interaction serves the legitimate interests of both parties. AgentleBots does not currently conduct outreach to individuals or organizations in the UK, EU, or Canada; this section describes the standard AgentleBots applies in the event that scope changes. This basis is not described as "consent" in any client-facing or public document.
- Masked / Secondary Domain — Any domain other than a business's primary live domain, used for prospect-facing sending as part of AgentleBots' standard technical infrastructure. Every masked domain used by or for AgentleBots — whether AgentleBots' own or a client's — must meet the standards in Section 5.
- Client Campaign — Any outreach initiated, drafted, sent, or managed by AgentleBots on behalf of a client, regardless of whose brand, domain, or mailbox identity carries it.
- Sender — AgentleBots, its founder, and any contractor or subcontractor sending on AgentleBots' behalf, for both AgentleBots' own outreach and every Client Campaign.
3. Prohibited Practices
Without exception, for both AgentleBots' own outreach and every Client Campaign, the following are prohibited:
- Purchased, rented, harvested, or scraped lists with no verifiable business-relevance basis. Sourcing hiring-manager or candidate contact data from public professional sources (e.g., LinkedIn, company websites) for a role-relevant purpose is permitted. Buying undifferentiated consumer or business email lists with no relevance filter is not.
- Falsified or misleading headers. "From," "To," and "Reply-To" fields must accurately identify the sending domain and a real, monitored mailbox — whether an AgentleBots mailbox or a client's mailbox on a Client Campaign.
- Deceptive subject lines, including fake "Re:" threading, false urgency, or implying a prior conversation that did not occur.
- Domains or mailboxes that do not meet the provisioning standards in Section 5.
- Missing physical address. Every commercial email — AgentleBots' own or a Client Campaign — must disclose a valid physical postal address for the operating business. A street address, a registered P.O. Box, or a private mailbox registered with a commercial mail-receiving agency all satisfy this requirement under FTC guidance.
- No opt-out mechanism, or a broken one. Every commercial email must include a clear, functioning way to decline further contact.
- Ignoring opt-outs. Opt-out and unsubscribe requests are honored permanently across all sending domains operated on behalf of the specific client engagement in which the request was received, and independently within AgentleBots' own outreach infrastructure. Any recipient who reports a message as unwanted, rather than submitting a standard unsubscribe request, is added to a permanent suppression record scoped the same way. Suppression records are not shared across separate client engagements, consistent with AgentleBots' data isolation practices between clients.
- Compromised, relayed, or unauthorized sending infrastructure, including open relays, botnets, or infrastructure not owned or contractually controlled by AgentleBots or the client.
- Excessive volume to a single organization. Outbound email contact to any single target organization is capped at 5 emails within a rolling 7-day period, aggregated across all sending domains operated on behalf of a given client engagement, and independently within AgentleBots' own outreach infrastructure. This cap is not aggregated across separate client engagements, consistent with AgentleBots' data isolation practices between clients. Contact to a target organization stops immediately upon any reply, unsubscribe request, or hard bounce, regardless of the weekly cap.
- Prohibited subject matter, including illegal goods or services, adult content, weapons, controlled substances, predatory lending, "get rich quick" schemes, or defamatory or harassing content.
- Ignoring bounce and complaint signals, including continued sending to addresses generating repeated hard bounces, or disregarding spam-complaint feedback.
4. Standards for Permitted Outreach
AgentleBots sends targeted, role-relevant B2B outreach — its own prospecting, and, more heavily, Client Campaigns marketing candidates to hiring managers. This is legal, targeted outreach, not spam, provided every message meets all of the following:
- CAN-SPAM compliance on every message: accurate headers, a non-deceptive subject line, a physical postal address, and a working opt-out. Opt-outs are honored within 24 hours, well inside the 10-business-day maximum required by statute.
- Authentication before any prospect-facing send. SPF, DKIM, and a published DMARC policy must be live and verified on every sending domain before that domain is used for prospect-facing email. See Section 5 for AgentleBots' domain provisioning standards.
- List hygiene. Contact data is sourced from public professional information (LinkedIn, company websites, industry directories) or a client's own warranted data (Section 6), checked for validity before sending, with stale or unengaged contacts suppressed rather than re-mailed indefinitely.
- Complaint and bounce discipline. Spam-complaint rate and bounce rate are monitored per sending domain and per client engagement. Any domain showing abnormal complaint or bounce activity is automatically paused pending investigation. This applies to Client Campaign domains exactly as it applies to AgentleBots' own.
- Canadian recipients: CASL implied-consent basis only (existing business relationship, or conspicuously published, role-relevant contact information), full sender identification, and an unsubscribe mechanism in every message.
- EU/UK recipients: Legitimate interest basis under GDPR/UK GDPR, limited to genuinely role-relevant business communications, with objection and opt-out requests honored immediately.
5. Domain & Mailbox Provisioning Standards
5.1 — Warmup and authentication. No domain is used for prospect-facing sending until it has completed a structured, authenticated warm-up period demonstrating consistent positive engagement and low bounce rates, and until SPF, DKIM, and DMARC have been live and verified for a sustained period. AgentleBots enforces internal minimums for both requirements as a condition of any domain entering prospect-facing rotation.
5.2 — WHOIS privacy. Registrar-standard WHOIS privacy services may be used on any domain, and their use does not violate this policy. What is prohibited is falsifying WHOIS data outright, or using a privacy service specifically to obstruct a legitimate abuse investigation, subpoena, or opt-out fulfillment request.
5.3 — Every sending domain must resolve to something real. A parked or blank domain does not satisfy this policy. Every domain used for sending — AgentleBots' own or a client's — must either host a live page identifying the operating business, or 301-redirect to one. AgentleBots' own masked domains, including agentlebots.org, redirect to this website (agentlebots.com), which identifies the operating business and hosts this policy. Client-branded masked domains must redirect to the client's live website or a client-approved landing page before the domain enters prospect-facing rotation.
5.4 — Workspace and domain isolation per client. No domain or mailbox pool is shared across two different clients' campaigns. A list-quality problem or complaint spike on one client's campaign must not be able to damage another client's sender reputation, or a domain AgentleBots uses for its own prospecting.
6. Client Campaign Standards
For every Client Campaign:
- This entire policy applies in full — Sections 3, 4, and 5 — regardless of whether the client's name or AgentleBots' name appears in the email. AgentleBots is an independent initiator under CAN-SPAM on every Client Campaign and carries independent exposure regardless of branding.
- Client data warranty. Where a client supplies contact data (e.g., its own candidate network, referral sources, or prior applicant pool), the client warrants that it has a lawful basis to use that data for outreach. AgentleBots may rely on that warranty but will spot-check list provenance before sending.
- Indemnification. If a client's data warranty proves false and creates blacklist exposure, a complaint investigation, or regulatory liability, remediation costs and any penalty exposure attributable to that client's data are the client's responsibility. This obligation is set out in the applicable client services agreement between AgentleBots and the client.
- Basis for contact. Targeting hiring managers who are actively hiring for a specific, matching role, using publicly available professional contact information, is a well-supported basis for contact under CAN-SPAM and CASL's implied-consent doctrine. This basis does not remove the requirement for a physical address, a working opt-out, and prompt honoring of opt-out requests on every message.
7. Complaint Handling & Abuse Reporting
Report suspected violations to:
- abuse@agentlebots.com / abuse@agentlebots.org
- postmaster@agentlebots.com / postmaster@agentlebots.org
These addresses, and the equivalent addresses at any other domain AgentleBots operates for sending, are actively monitored. Abuse reports are investigated and responded to within 2 business days. A substantiated complaint results in immediate suppression of the reporting recipient's address across all sending domains operated on behalf of the specific client engagement in which the complaint arose, consistent with the suppression scoping in Section 3.
8. Enforcement
AgentleBots may immediately suspend or terminate sending on any domain, mailbox, or client engagement found in violation of this policy, without prior notice, independent of whether the underlying conduct would separately violate CAN-SPAM, CASL, GDPR, or another applicable law.
9. Sender Identification
- Legal name for purposes of this policy and required disclosures: Md Ayan Hussain
- Physical address for CAN-SPAM disclosure: Flat No. 706, Daffodil, Siddha Waterfront, Rahara, Titagarh, Kolkata, West Bengal, India - 700119
This section will be updated to reflect any change in the entity or individual responsible for the outreach this policy governs.
10. Changes to This Policy
This policy is reviewed whenever sending infrastructure, client engagement structure, or applicable law changes materially. The "Last Updated" date reflects the most recent substantive revision.
11. Contact
AgentleBots
Md Ayan Hussain
Flat No. 706, Daffodil, Siddha Waterfront, Rahara, Titagarh, Kolkata, West Bengal, India - 700119
contact@agentlebots.com / contact@agentlebots.org /
agentlebots@gmail.com
This policy governs all commercial email sent by AgentleBots or on its behalf, including Client Campaigns sent under a client's own brand identity, per Section 1.
Last updated: July 5, 2026