Responsible email sending guide
SPAM is illegal in some countries, including Australia.
Your application should ensure that emails are never sent to users that have not explicitly requested them.
If our services are disrupted because of a server blacklisting, this has serious implications for all of our customers. If your application is the cause of the blacklisting, we will recover costs and/or damages from you directly.
Best Practise
When someone signs up, always use a double-opt-in, manual-registration method.
This method ensures that:
- bots and spiders cannot register 100's of email addresses on your system
- the customer email address has been checked to be correct
- the customer has verified that they want to sign up to your service
- the customer has a clear way of cancelling your service, even if they forget their password
Implementation:
- ask users to enter a code when registering, and place that code on the screen in a way that can't easily be read by bots (for example, a random number printed on an image with lines draw over it)
- send a confirmation email to the user, with a registration link in it
- when the user clicks the link, mark their account as activated
- (important) make sure you never send any email to email addresses that are not confirmed in this way
- provide a way for any user to retrieve their password on the website by entering only their email address
- provide a way for the user to cancel their account
- (important) make sure that if a user cancels their account, they are not sent any further emails to that email address
