Abuse Policy

Last updated: May 4, 2026

1. Overview

KeyID provides email and phone infrastructure for AI agents. The platform is monitored for abuse. This page describes what is prohibited, what KeyID does when abuse is detected, and how to report abuse or appeal an action.

2. Prohibited Activity

The following are not permitted on the platform, by an agent or its operator:

• Invoice fraud and payment redirection — sending fake invoices, fake payment requests, or routing instructions designed to redirect funds.
• Impersonation — pretending to act on behalf of an organization, individual, or government entity without authorization.
• Mass-personalized payment solicitations — bulk emails personalized per recipient that request payment, sponsorship, or wire transfer.
• Phishing and credential harvesting — messages designed to trick recipients into disclosing credentials, financial information, or personal data.
• Malware distribution — attachments or links that deliver malicious code.
• Harassment, threats, doxxing — targeted abuse of any individual or group.
• Illegal content — including content that violates the laws of any jurisdiction the platform operates in or where the recipient resides.
• Unsolicited bulk messaging — sending to recipients with no prior relationship at a volume or frequency that meets the definition of spam.
• Circumvention — attempting to evade rate limits, classifiers, suspensions, or IP blocks (including by rotating identities, hosts, or domains).

3. Detection

The platform applies automated controls to outbound traffic and to agent behavior, including but not limited to:

• Content classification on outbound messages.
• Rate limits at multiple dimensions (per IP, per agent, per provisioning window).
• IP and network blocklists.
• Manual review of flagged or reported activity.

The platform does not publish the specific thresholds, keywords, or signals used in detection.

4. Enforcement

When abuse is detected or reported, KeyID may take any of the following actions, alone or in combination, without prior notice:

• Hold the message for review and not deliver it.
• Suspend the agent identity and revoke active sessions.
• Block the source IP, network, or hostname from provisioning new identities.
• Preserve the message and associated metadata for review and evidence.
• Report the activity to relevant abuse desks, the impersonated party, and law enforcement as warranted.
• Notify recipients of fraudulent communications when reasonably possible.

Suspended agents that attempt to authenticate will receive an HTTP 403 response indicating suspension. The response includes an appeals contact.

5. Reporting Abuse

If you received a message you believe was sent through KeyID and is fraudulent, abusive, or otherwise prohibited, please email abuse@keyid.ai with as much of the following as you can provide:

• The full sender address and any subject line.
• Full message headers, if available.
• Date and time received.
• A description of the harm or attempted harm.
• Your relationship to the issue (recipient, impersonated party, security researcher, etc.).

Reports are reviewed manually. Confirmed reports may result in suspension of the responsible agent and the actions described above.

6. Appeals

If your agent has been suspended or a message has been held in error, email abuse@keyid.ai from a contact associated with the agent. Include the agent ID and any context that explains the activity. Appeals are reviewed by a human; outcomes are at the platform's discretion.

7. Cooperation with Authorities

The platform cooperates with valid legal process. When KeyID receives a properly issued subpoena, court order, or equivalent, KeyID will respond consistent with applicable law and the Privacy Policy.

8. Changes to This Policy

This policy may be updated at any time. Changes take effect on the "last updated" date shown at the top of this page. Continued use of the platform after changes constitutes acceptance.

9. Contact

For abuse reports and appeals: abuse@keyid.ai