Acceptable Use Policy

This Acceptable Use Policy (the "AUP") applies to every account, every user authorized on a Customer's tenant, every mailbox, every alias, and every message sent or received through Skyline Cloud Email. It is incorporated by reference into the Terms of Service.

The Customer is responsible for ensuring compliance by all of its users. A breach of this AUP by any authorized user will be treated as a breach by the Customer.

You must not use the Service to send, receive, store, host, transmit, or facilitate any of the following:

• Unsolicited bulk or commercial mail (spam). Every outbound message must be sent to recipients who have a current, demonstrable, opt-in relationship with the sender. Use of purchased lists, scraped addresses, or recipient lists obtained without explicit consent is prohibited. Sending must comply with RFC 5321 (SMTP) and RFC 5322 (Internet Message Format), and outbound mail must accurately identify the sender, the sender's organization, and the originating domain.
• Phishing, fraud, or impersonation. Sending mail that purports to come from a person or organization other than its true sender, that solicits credentials, payment-card data, one-time codes, or financial information under false pretences, or that operates as part of any scam scheme.
• Malware, ransomware, or exploit payloads. Distributing software designed to damage, disable, gain unauthorized access to, or otherwise compromise any system or data.
• Child sexual-abuse material (CSAM). Storage, transmission, or distribution of any sexual material depicting a minor. Skyline applies a zero-tolerance rule: any account found to contain CSAM will be terminated immediately and reported to the competent Saudi authorities. There is no warning, no cure period, and no refund.
• Content that violates the laws of the Kingdom of Saudi Arabia, including without limitation the Anti-Cyber Crime Law (Royal Decree No. M/17 of 8/3/1428H), the Anti-Information Crimes Law, content prohibited by the Communications, Space & Technology Commission (CST), and any content prohibited by Saudi public order, public morals, or national-security regulations.
• Unauthorized access attempts. Probing, scanning, or attempting to breach the security of the Service or any system reachable from the Service. Penetration testing of the Service is permitted only under our security-disclosure programme — see security@alskyline.com for coordination.
• Network abuse. Forging mail headers, spoofing, open relays, mail loops, denial-of-service traffic, or any conduct intended to degrade Service performance for other customers.
• Cryptocurrency mining or other resource-abuse workloads running inside the mail platform.
• Hateful, harassing, or threatening content directed at individuals or protected groups.
• Infringement of intellectual-property rights, including unauthorized distribution of copyrighted works.
• Circumventing rate or quota limits by any means, including by registering multiple accounts to evade per-account limits.

To protect Service reputation and the deliverability of all customers, Skyline applies the following default outbound-mail limits. The limits below are starting points; customers with legitimate higher-volume needs may request an increase by contacting support@alskyline.com with a description of their use case and confirmation of their list-hygiene practices.

• Outbound messages per mailbox per rolling 24 hours: 1,000 by default.
• Outbound recipients per single message: 200 by default (To + CC + BCC combined).
• Outbound message size: 50 MB including attachments by default.
• Mailboxes per domain on the Business plan: up to 100 by default. Higher caps available on request.
• Concurrent SMTP submissions per account: 25 by default.

Hitting a default limit results in a soft-deferral (4xx) response from our submission MTAs, not silent loss. Customers can monitor their own send-rate in the Deliverability dashboard.

Sustained behaviour that materially deviates from a Customer's historical baseline — for example, a sudden 50× jump in send-volume, or a sharp rise in bounce or complaint rate — may trigger an automatic temporary throttle while we contact the Customer.

Customers sending bulk or transactional mail must follow good list-hygiene practices. In particular:

• Maintain consent. Be able to demonstrate, on request, the opt-in source for every recipient on your list.
• Honour unsubscribe requests promptly. Marketing mail must include a working unsubscribe mechanism, processed within 10 days of receipt at the latest.
• Authenticate. Use the SPF, DKIM, and DMARC configuration that the Service generates for your domain. Skyline will not assist a customer in deploying lax DMARC policies that would conceal abuse.
• Watch your bounce and complaint rates. A complaint rate above 0.3% or a hard-bounce rate above 5% over a rolling 24-hour window will trigger a deliverability review.
• Segment your traffic. Where appropriate, separate transactional, marketing, and administrative mail across distinct subdomains.

Skyline does not read the Customer's mail in the ordinary course of operating the Service. Customer Content is treated as confidential as described in the Privacy Policy.

However, where Skyline has a reasonable basis to believe that an account is being used in violation of this AUP — for example, an unusually high spam-complaint rate, a malware signature triggered in the antivirus pipeline, an order from a competent authority, or a credible third-party report — Skyline reserves the right to inspect the relevant message metadata and, where necessary, the message body, solely for the purpose of investigating and remediating the suspected violation.

Every such inspection is logged in the immutable internal audit log with the identity of the investigator, the timestamp, the scope of the inspection, and the reason. Where it is lawful to do so, the affected Customer will be notified of the inspection within a reasonable time.

Skyline applies a graduated enforcement procedure designed to give Customers a meaningful opportunity to remediate before the Service is suspended.

• Strike 1 — Notice. Skyline will email the registered administrator describing the suspected violation, the affected mailboxes or domains, and the remediation required. The Customer is asked to acknowledge and remediate.
• Strike 2 — Warning. If the conduct continues or recurs, Skyline will issue a formal warning email and may temporarily throttle outbound mail from the affected account.
• Strike 3 — Final notice. A final warning is issued, with a clear cure window of 24 hours from the timestamp on the email. The email states the consequence of non-cure (suspension and, if uncured further, termination).
• Suspension. If the Customer fails to cure within the 24-hour window, Skyline will suspend outbound mail flow on the affected mailboxes. The Customer's ability to receive mail and read existing mail is preserved during the suspension to the extent technically practicable.
• Termination. Continued non-compliance after suspension may lead to termination of the affected Service in accordance with the Terms of Service.

Skyline reserves the right to skip directly to suspension or termination without prior strikes for severe violations — including but not limited to the distribution of CSAM, the active distribution of malware, fraud or impersonation campaigns in progress, or any conduct that creates an imminent risk of harm to other users or to the integrity of the Service.

If you have received mail through Skyline Cloud Email that you believe to be abusive, please report it to abuse@alskyline.com. Where possible, include:

• The full message headers (not just the visible From/Subject).
• A copy of the message body (or, if the body is sensitive, a description of why you believe it is abusive).
• The date and time of receipt and your time zone.

Skyline acknowledges abuse reports within 24 hours and provides an outcome update within 7 days. Reports submitted in good faith will not be shared with the reported party in a way that identifies you, except to the extent required by law.

Skyline may update this AUP from time to time to reflect operational reality, regulatory change, or new categories of abuse encountered in practice. Material changes will be announced under the same 30-day notice mechanism as the Terms of Service.

• Abuse reports: abuse@alskyline.com
• Security disclosures: security@alskyline.com
• Customer support: support@alskyline.com