Effective Date: 8 March 2026 | Last Updated: 8 March 2026
The following activities are considered abuse of the SMSFoundry platform and are strictly prohibited:
Sending commercial or promotional messages to recipients who have not provided explicit, informed consent. This includes purchased contact lists, scraped phone numbers, or any messaging to individuals who did not opt-in to receive your communications.
Sending messages that impersonate banks, government agencies, service providers, or any other entity with the intent to deceive recipients. This includes messages designed to harvest personal information, login credentials, or financial details.
Generating large volumes of messages to premium-rate or high-cost destinations for the purpose of fraudulent revenue generation. This is the #1 SMS fraud vector globally and is monitored aggressively by our automated systems.
Sending repeated messages to the same phone number in a short period, whether intentionally (harassment) or through faulty integration logic (OTP loops, retry storms). Our system limits sends to the same number to 5 per 5-minute window.
Sending messages containing or promoting: illegal activities, hate speech, threats or harassment, malware distribution links, sexually explicit content, drug or weapons trafficking, or any content targeting minors.
Embedding malicious URLs, phishing links, or using URL shorteners (bit.ly, tinyurl, etc.) to disguise destination links. Our system flags messages containing known shortener domains and multiple URLs.
Attempting to bypass rate limits, quota restrictions, abuse detection systems, content filters, or any security measures. This includes creating multiple accounts to evade restrictions on a suspended account.
Sending messages that violate TRAI DLT regulations (India), TCPA (US), GDPR (EU), or any other applicable telecommunications or privacy law. This includes sending promotional messages to numbers registered on the National Do Not Disturb (NDND) registry.
SMSFoundry employs a multi-layered automated abuse detection system that monitors in real-time:
Monitors message velocity to country prefixes. High-risk destinations (e.g., +234 Nigeria, +880 Bangladesh) have lower thresholds. 30+ messages to the same country prefix in 10 minutes triggers a flag.
Tracks per-number send frequency. More than 5 messages to the same number within 5 minutes triggers a high-severity flag.
Detects burst sending patterns. More than 50 messages in 5 minutes triggers a flag. During off-hours (10 PM – 7 AM), the threshold drops to 10 messages — compromised accounts often send at night.
Identifies identical messages sent to many different numbers. Same message to 10+ unique recipients within 1 hour is flagged.
Checks for known URL shorteners (14+ domains), multiple links in a single message, and suspicious domain patterns commonly used in phishing.
Scans for 40+ spam/fraud keywords and 7 pattern-matching rules covering phishing phrases, SHAFT content (Sex/Hate/Alcohol/Firearms/Tobacco), and social engineering language.
Sliding 1-hour window failure rate check. If more than 40% of messages fail (minimum 10 messages), a flag is raised — often indicates invalid number campaigns or carrier blocks.
Lower thresholds for messages sent between 10 PM and 7 AM. Abnormal nighttime activity often indicates a compromised account.
Abuse flags are assigned severity levels that determine the response:
Low: Logged for monitoring. No immediate action. Example: minor content match.
Medium: Logged and visible in admin dashboard. Account is monitored more closely. Example: duplicate content to many numbers.
High: Flag raised to admin for review. Sending may be throttled. Example: rapid sending, recipient bombing, URL shortener detected.
Critical: Immediate sending suspension. Admin notified. Example: AIT/pumping to high-risk destinations, 70%+ failure rate. 3 or more critical/high flags within 24 hours triggers automatic account suspension.
Depending on the severity and nature of the violation, we may take one or more of the following actions:
Warning: Email notification describing the violation and required corrective action.
Throttling: Temporary reduction in sending rate or daily limits.
Suspension: Account access preserved (dashboard only) but all message sending disabled. API returns 403. Suspension may be automatic (triggered by abuse detection) or manual (by admin review).
Termination: Permanent account closure. All data deleted after 30 days. Reserved for repeat offenders, severe violations, or illegal activity.
Legal action: In cases involving fraud, illegal content, or significant financial harm, we reserve the right to report the activity to law enforcement authorities and pursue legal remedies.
The Platform automatically suspends accounts when 3 or more high/critical abuse flags are raised within a 24-hour period. This is a safety mechanism — not a punishment. Auto-suspended accounts can appeal for review.
Upon auto-suspension:
a) All queued messages are held (not deleted).
b) API requests return HTTP 403 with error code tenant_inactive.
c) Dashboard access remains available (read-only).
d) An email is sent to the account owner explaining the suspension.
If you believe your account was suspended in error, you may appeal by:
1. Emailing support@smsfoundry.com with subject line "Abuse Appeal — [Your Account Email]".
2. Include a description of your use case, the messages you were sending, and any relevant context.
3. Appeals are reviewed within 2 business days.
4. If the appeal is approved, your account will be reactivated with a warning. Repeat violations after reinstatement will result in permanent termination.
If you are a recipient of unwanted messages sent through SMSFoundry, or if you have evidence of platform abuse by a tenant, please report it to:
Abuse Report
Email: abuse@smsfoundry.com
Include: the phone number that sent the message, the message content, and the date/time received.
We investigate all abuse reports and take action within 24 hours.
SMSFoundry cooperates with telecommunications carriers, TRAI, and law enforcement agencies in investigating messaging abuse. We may share relevant account information and message metadata (not content) when legally required or when necessary to prevent ongoing harm.
As a tenant, you are responsible for:
a) Obtaining proper consent from all message recipients before sending.
b) Honoring opt-out requests promptly (within 24 hours).
c) Securing your API keys and device tokens to prevent unauthorized use.
d) Monitoring your own sending patterns and addressing issues before they trigger abuse flags.
e) Complying with all applicable laws and regulations in your jurisdiction.
This Abuse Policy may be updated to address emerging threats and regulatory changes. Material changes will be communicated via email. Continued use of the Platform after changes take effect constitutes acceptance.