| Ref # | Principle or Proposed Principle |
|---|---|
| FWE001 | Free Email Account Services should ensure that users have readily and easily available optional access to the full email headers of emails received. |
| FWE002 | Free Email Account Services should not knowingly distribute unsolicited emails, or emails reasonably suspected of being unsolicited, to their users, and should institute multiple forms of filters. Such filters should eradicate spam, not merely deliver it to a separate folder. Filters should as a minimum be a combination of "known phrase" (or similar), Open Relay Filters, and Known Rogue IP filters. |
| FWE003 | Free Email Account Services should maintain an adequately and competently staffed abuse desk on a 24 hour, 365 day per year basis. The contact details for the abuse desk should be readily and easily accessible on the website of the Free Web Email Service, and also listed with the Network Abuse Clearinghouse at http://abuse.net |
| FWE004 | Free Email Account Services should ensure that their Terms of Service include a strong antispam clause, including but not limited to prohibiting: sending unsolicited bulk/commercial email; receiving replies from unsolicited bulk/commercial emails sent from any other service provider; with violation resulting in immediate account termination without further warning, barring the user from future access, and passing on all information regarding breaches of their Terms of Service to any other service provider known or believed to be used by the offender. |
| FWE005 | Upon receipt of an evidence-based abuse report, the abuse desk of the Free Email Account Service should investigate the complaint and take action within two (2) hours. If the complaint is valid, the account should be terminated immediately, the offender barred from future use of the service, and the violation and termination reported to the other service providers known or believed to be used by the offender. If the complaint cannot be properly investigated within two (2) hours, the account should be temporarily suspended while the investigation continues. All complainants should be sent a reply stating the outcome of the investigation and the action taken. |
| FWE006 | All Free Email Account Services should mandatorily provide BCC: as a sending option in addition to the usual TO: and CC: sending alternatives. Where a user attempts to send an email to multiple recipients via either the TO: or the CC: alternatives, a pop-up help screen should automatically appear, giving the user a suggestion of sending via BCC instead "as a security measure" - and asking if they wish to continue or change the addresses to BCC. |
| FWE007 | Free Email Account Services should place a strict limit on the number of recipients to whom any single email being sent from their service may be sent. (For the sake of example and recommendation only - Max. 20 recipients.) |
| FWE008 | Free Email Account Services should place a cap on the volume of outgoing mail which may be sent from any one account in any given time period. (For the sake of example and recommendation only - 20 in any one hour period and 100 in any 24 hour period.) |
| FWE009 | Free Email Account Services should prevent their accounts being used as "drop boxes" for spam replies by placing a strict limit on the number of emails any one account may receive in any given time period. (For the sake of example and recommendation only - Maximum of 10 in any one hour period.) Accounts breaching the set threshold should be automatically suspended pending investigation. Investigation should be completed within two (2) hours of the triggering of the automatic suspension. If the breach is innocent, the suspension should be removed. If evidence of "drop box" activity is clear, the account should be terminated and evidence of IP and other identifying data of any person trying to access the account recorded and abuse reports lodged to the offender's ISP. |
| FWE010 | Free Email Account Services should ensure that each email sent through their service has the Originating IP (and its resolved name) of the account user, and the time-stamp, embedded in a footer, to aid recipients in identifying the sender and to deter abuse. |
| FWE011 | Free Email Account Services should not allow themselves to be used as de facto anonymous services, and should protect themselves from being so used by only permitting account access where the user's originating IP is unmistakeable. Technologies to recognise when Account Holders are using non-transparent proxies, and to block account access accordingly, should be implemented. |
| FWE012 | In the event that a free email account service has been fraudulently associated with a spam (via mention of a non-existent account as a return-path, for example), the free email service provider should take all available measures to identify the perpetrator and pursue all possible legal remedies. Where the domain itself does not host the service but an outsourced service provides the email service on behalf of the domain, it should be incumbent upon the outsource provider to vigorously pursue all legal avenues to defend the reputation of its client. |
| FWE013 | Free Email Account Services, in their Privacy Statements, should reserve the right to pass on all information regarding breaches of their Terms of Service to any other service provider known or believed to be used by the offender. |
| FWE014 | Free Email Account Services should enable technology to prevent automated account registrations, ensuring that accounts can only be applied for or operated by a human. |
| FWE015 | Free Email Account Services should, in their Terms Of Service, prohibit the use of their accounts for the purpose of providing contact details for domain registrations. |
| FWE016 | Free Email Account Services should implement technologies that allow only for manual human sign-up for accounts and services, prohibiting and preventing robotic sign-ups. |
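
The example figures in FWE007, FWE008 and FWE009 can be enforced with per-account sliding-window counters. The following is an added example, not part of the original principles; the class and method names are hypothetical, and it assumes that the caps count messages (not recipients), that timestamps are in seconds, and that mail arriving for a suspended account is held.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400
MAX_RECIPIENTS = 20                    # FWE007 example figure
OUT_PER_HOUR, OUT_PER_DAY = 20, 100    # FWE008 example figures
IN_PER_HOUR = 10                       # FWE009 example figure


class AccountLimiter:
    """Sliding-window caps per account (hypothetical helper, not a real API)."""

    def __init__(self):
        self.sent = defaultdict(deque)      # account -> times of accepted outgoing mail
        self.received = defaultdict(deque)  # account -> times of inbound mail
        self.suspended = set()              # accounts awaiting investigation

    def check_send(self, account, recipients, now):
        if account in self.suspended:
            return "reject: suspended"
        if len(recipients) > MAX_RECIPIENTS:
            return "reject: too many recipients"
        q = self.sent[account]
        while q and now - q[0] >= DAY:      # forget mail older than 24 hours
            q.popleft()
        if sum(1 for t in q if now - t < HOUR) >= OUT_PER_HOUR:
            return "reject: hourly cap"
        if len(q) >= OUT_PER_DAY:
            return "reject: daily cap"
        q.append(now)                       # only accepted mail counts
        return "accept"

    def record_inbound(self, account, now):
        if account in self.suspended:
            return "hold: suspended"        # assumption: hold mail during review
        q = self.received[account]
        while q and now - q[0] >= HOUR:
            q.popleft()
        q.append(now)
        if len(q) > IN_PER_HOUR:            # threshold breached: possible drop box
            self.suspended.add(account)
            return "suspend: pending investigation"
        return "deliver"

    def reinstate(self, account):
        """Lift the suspension after the review finds the breach innocent."""
        self.suspended.discard(account)
        self.received[account].clear()
```

The suspension set is the hand-off point to the abuse desk: FWE009 gives it two hours to either call `reinstate` or terminate the account.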