How Crawlux handles email and communications.
Opt-in requirements, unsubscribe mechanisms, sender authentication via SPF, DKIM and DMARC, communication frequency limits and abuse reporting. Built to be predictable, respectful and compliant.
Anti-Spam key facts
Types of communication
Crawlux sends three categories of email: transactional (always), service notifications (always for active users) and marketing (opt-in only). The table below shows what triggers each, how to control them and the typical frequency.
| Email type | Trigger | Frequency | Opt-out |
|---|---|---|---|
| Account verification | Account creation | Once per signup | N/A · transactional |
| Password reset | User-initiated request | On request only | N/A · transactional |
| Audit completion | Audit finishes | Per audit | N/A · transactional |
| Payment receipts | Successful payment | Per payment | N/A · legally required |
| Refund confirmations | Refund processed | Per refund | N/A · legally required |
| Security alerts | Suspicious account activity | As needed | N/A · safety-required |
| Service status updates | Major incidents affecting your audits | 1-3 per quarter typically | Configurable in account |
| Audit follow-ups | Free audit completion | 3 emails over 14 days | One-click link in each |
| Product updates | Material methodology or feature releases | ~1 per month | One-click link in each |
| Newsletter | Opted in via website form | Monthly | One-click link in each |
No mass marketing without opt-in
Crawlux never adds emails to marketing lists from contact form submissions, audit signups or business cards collected at events. Marketing requires explicit opt-in via the newsletter form or product update toggle in account settings.
SPF, DKIM and DMARC
All Crawlux email passes three authentication standards. This protects your inbox from spoofed messages claiming to be from Crawlux and ensures legitimate Crawlux email reaches you reliably.
SPF
ConfiguredSender Policy Framework
SPF records published for tg3agency.com authorize specific mail servers to send on behalf of the domain. Receiving servers can verify that incoming Crawlux email originated from authorized infrastructure.
v=spf1 include:_spf.tg3agency.com -allDKIM
ConfiguredDomainKeys Identified Mail
DKIM signs every outgoing Crawlux email with a cryptographic signature tied to a published public key. Receiving servers verify the signature to confirm the email was not modified in transit.
selector1._domainkey.tg3agency.comDMARC
EnforcedDomain-based Message Authentication
DMARC tells receiving servers what to do when SPF or DKIM checks fail. Crawlux uses a strict reject policy. Spoofed emails claiming to be from tg3agency.com are rejected by compliant receivers.
v=DMARC1; p=reject; rua=mailto:[email protected]If you receive suspicious email claiming to be from Crawlux
Forward the full message with headers to [email protected]. We investigate spoofing attempts and update our DMARC reports. Genuine Crawlux email always passes all three authentication checks.
How opt-in and opt-out work
Marketing emails require explicit opt-in. Every marketing email contains a one-click unsubscribe link. Unsubscribe requests process within 10 seconds and apply to all future marketing communications.
Granular preferences
You can also adjust preferences granularly via the email preferences page in your account. Options include:
- Audit follow-up sequence (3 emails after free audit completion) · opt out individually
- Product updates (1 per month) · opt out individually
- Newsletter (1 per month) · opt out individually
- All marketing · single toggle to disable everything except transactional and safety-required emails
Transactional emails (account verification, password reset, audit completion, payment receipts, security alerts) cannot be disabled because they are required for the service to function safely.
What Crawlux never does
Several practices are common in the SaaS marketing world that Crawlux deliberately rejects. Listed here as commitments rather than just absences.
What we always do
- Send only what you opted into for marketing
- Honor unsubscribe within 10 seconds
- Authenticate every email with SPF, DKIM and DMARC
- Identify Crawlux clearly as the sender in every email
- Include a physical postal address in marketing footers
- Provide one-click unsubscribe in marketing emails
- Document email triggers transparently in this policy
What we never do
- Buy, rent or trade email lists
- Sell, rent or trade your email to third parties
- Add you to marketing lists from contact form submissions
- Use deceptive subject lines or misleading from addresses
- Hide unsubscribe links or make them require login
- Email after you unsubscribe except for required transactional
- Send marketing through unauthenticated infrastructure
Report unwanted email
If you receive Crawlux email you did not request or believe is in violation of this policy, two reporting paths are available depending on what you experienced.
Reporting contact
Anti-spam policy issues: [email protected]
Suspected email spoofing: [email protected]
General privacy questions: [email protected]
Response window: 5 business days
Read the privacy policy for the full data picture
The privacy policy covers everything beyond email: data collection, processing, retention and your rights. Email handling is one piece of broader data handling.
Anti-Spam Policy v1.0 · Effective April 13, 2026 · CAN-SPAM, GDPR, ePrivacy compliant