Phishing is a deceptive email practice where someone tries to impersonate a trusted person, company, or service to steal sensitive information, credentials, money, or account access.
Mailcamp must not be used to send phishing emails or content that misleads recipients about who is sending the message, where a link goes, or what action the recipient is taking.
An email pretending to be a bank, payment provider, social network, delivery company, or internal company team.
A link that looks like it goes to a trusted website but actually opens a fake login page.
A message asking recipients to enter passwords, one-time codes, recovery phrases, payment details, or private documents.
A campaign that uses a misleading From name, sender domain, logo, or brand identity.
An email that creates false urgency to pressure people into clicking or sharing sensitive information.
Do not impersonate another brand, person, company, or public service.
Do not use deceptive links, fake login pages, or misleading call-to-action buttons.
Do not ask recipients to send passwords, verification codes, payment details, or private credentials by email.
Do not hide the real destination of a link with suspicious redirects or URL shorteners.
Do not send campaigns that trick recipients into taking an action they did not expect.
Use a From name and From email that clearly identify your brand or organization.
Authenticate your sender domain in Sending domains.
Use a verified sending domain that matches your website or brand.
Use a custom tracking domain when your plan supports it, so tracked links look consistent with your brand.
Write subject lines that accurately describe the email content.
Make sure every link goes to the destination the text or button suggests.
Check every button and text link in the campaign.
Avoid URL shorteners unless there is a clear business reason to use them.
Use HTTPS links whenever possible.
Do not link to pages that imitate another service's login or payment flow.
Send a test email and click through each link before sending to the full audience.
Use a strong password for your Mailcamp account.
Turn on two-factor authentication when available.
Limit team access to people who need it.
Review team permissions regularly.
If you notice campaigns you did not create, pause sending and review account access immediately.
Review campaign reports after sending.
Watch for unusual complaint, feedback, unsubscribe, or bounce activity.
Check feedback logs if recipients report spam or abuse.
Pause campaigns that generate unexpected negative signals.
Review the campaign content, sender identity, and link destinations before sending again.
Do not click links or download attachments from messages you do not trust.
Check the sender address and domain carefully.
Visit the service directly by typing the official website address into your browser.
Do not enter passwords or verification codes into pages opened from suspicious emails.
Report suspicious messages to your security team or email provider.
A campaign is flagged as suspicious: review sender authentication, links, subject line, and whether the message imitates another brand.
Recipients report phishing: pause the campaign, inspect all links, and confirm the account was not accessed by someone unauthorized.
Links look unfamiliar: use a verified tracking domain if your plan supports it.
Your sender identity looks wrong: verify the sending domain and use a From email that matches your brand.
You suspect account compromise: change your password, enable two-factor authentication, review team members, and contact support if needed.