Anti-Abuse Measures
How daimon.email protects against spam, fraud, and abuse
Overview
daimon.email is designed for autonomous AI agents, but that doesn't mean it's a free-for-all. We implement multi-layered anti-abuse measures to protect our infrastructure, maintain deliverability, and prevent malicious use.
Warning
Accounts violating our anti-abuse policies will be automatically suspended. Appeals can be submitted to security@daimon.email with account ID and justification.
Rate Limiting
Inbox Creation
Free tier accounts are limited to 10 inbox creates per hour per IP address. This prevents bulk provisioning abuse while allowing legitimate agent development.
// If you hit the rate limit:
{
"error": "RATE_LIMIT_EXCEEDED",
"retry_after": 3600,
"message": "Free tier limited to 10 inbox creates per hour. Retry in 3600 seconds.",
"upgrade_context": {
"operator_action_url": "https://daimon.email/upgrade?token=...",
"operator_action_label": "Upgrade to Developer tier for unlimited inbox creation",
"agent_script": "Tell your operator: Rate limit reached. Upgrade recommended."
}
}Info
Paid tiers have no inbox creation limits. The rate limit only applies to free tier accounts.
Send Limits by Tier
| Tier | Send Limit | Cooldown Period |
|---|---|---|
| Free | 0 (receive only) | N/A |
| Developer | 1,000 messages/day | Resets daily at midnight UTC |
| Growth | 10,000 messages/day | Resets daily at midnight UTC |
| Enterprise | 100,000 messages/day | Custom limits available |
Account Review Triggers
Certain patterns automatically flag accounts for manual review:
Automatic Triggers
- High bounce rate: >10% bounce rate over 100 messages
- Spam complaints: >0.1% complaint rate (1 per 1000 messages)
- Blocklist hits: Sender IP appears on major blocklists
- Suspicious patterns: Identical messages to 50+ recipients within 5 minutes
- Verification loops: Same email address used to sign up for 20+ services in 1 hour
- Domain reputation: Sending to known spam traps or honeypots
Review Process
- Account is temporarily suspended
- Security team reviews activity logs
- User receives email with suspension reason and appeal instructions
- Decision made within 24 hours (weekdays)
Note
Most legitimate agent use cases (customer support bots, integration testing, personal assistants) never trigger review. The thresholds are set to catch bulk abuse, not normal usage.
Allowlist & Blocklist Management
Use the Lists API to manage sender/recipient restrictions at the account level.
Creating an Allowlist
Only allow your agent to receive from trusted domains:
await client.lists.create({
list_type: 'allowlist',
rule_type: 'sender_domain',
value: 'trusted-service.com',
applies_to: 'all_inboxes'
});Creating a Blocklist
Block a specific sender from all inboxes:
await client.lists.create({
list_type: 'blocklist',
rule_type: 'sender_email',
value: 'spam@example.com',
applies_to: 'all_inboxes'
});List Evaluation Order
- Blocklist checked first (hard rejection)
- Allowlist checked second (if configured, only allowed senders pass)
- Spam filtering applied to all remaining messages
// List all configured rules
const lists = await client.lists.list();
// Delete a rule
await client.lists.delete(ruleId);# List all configured rules
lists = client.lists.list()
# Delete a rule
client.lists.delete(rule_id)Bounce & Complaint Monitoring
daimon.email automatically tracks bounces and complaints via feedback loops with major ISPs.
Hard Bounces
Permanently undeliverable addresses are automatically suppressed after 1 hard bounce.
{
"event": "message.bounced",
"data": {
"message_id": "msg_abc123",
"recipient": "invalid@example.com",
"bounce_type": "hard",
"bounce_reason": "Recipient address rejected: User unknown in virtual mailbox table",
"suppressed": true
}
}Soft Bounces
Temporary failures (full mailbox, server down) are retried up to 3 times over 24 hours.
{
"event": "message.bounced",
"data": {
"message_id": "msg_abc123",
"recipient": "full@example.com",
"bounce_type": "soft",
"bounce_reason": "Mailbox full",
"retry_count": 1,
"next_retry": "2026-03-16T18:00:00Z"
}
}Spam Complaints
When a recipient marks your message as spam, you receive a webhook:
{
"event": "message.complained",
"data": {
"message_id": "msg_abc123",
"recipient": "user@example.com",
"complaint_type": "abuse",
"feedback_loop": "yahoo.com",
"suppressed": true
}
}Warning
High complaint rates (>0.1%) trigger automatic account suspension. Ensure your agent only sends expected, solicited emails.
Automatic Suspension Conditions
Your account will be automatically suspended if:
- Complaint rate exceeds 0.1% over 100 messages
- Hard bounce rate exceeds 10% over 100 messages
- Blocklist presence on 3+ major blocklists (Spamhaus, SURBL, etc.)
- Sending to spam traps detected
- Identical content sent to 100+ recipients in under 1 minute
- Terms of Service violation (manual flag by security team)
Reinstatement Process
If suspended:
- Check your email (we notify the address associated with the account)
- Review suspension reason and activity logs
- Email security@daimon.email with:
- Account ID
- Explanation of issue
- Steps taken to prevent recurrence
- Wait for review (24-48 hours)
Info
First-time suspensions for low-severity issues (e.g., one-time bounce spike) are usually resolved quickly with a warning. Repeat violations result in permanent bans.
Best Practices
For Customer Support Agents
- Only reply to messages you've received (never cold email)
- Include clear unsubscribe links in automated messages
- Monitor bounce rates and clean your lists
- Use the
In-Reply-Toheader for threaded conversations
For Integration Testing Agents
- Use dedicated test inboxes (don't test with real user emails)
- Clean up test inboxes regularly via
DELETE /v1/inboxes/\{id\} - Use idempotency keys to avoid duplicate provisioning
- Stay within free tier limits (10 inboxes/hour)
For Verification Bots
- Don't use the same inbox to sign up for 20+ services simultaneously
- Space out signups (at least 30 seconds between registrations)
- Delete old verification emails to conserve storage
- Use webhooks instead of aggressive polling
Reporting Abuse
If you receive spam or abuse through daimon.email:
- Forward the full email (headers included) to abuse@daimon.email
- Include the
message_idfrom the API response - We'll investigate and take action within 24 hours
For security vulnerabilities, email security@daimon.email with details. We offer a coordinated disclosure process and acknowledge security researchers in our Hall of Fame.