What is the Habeas SafeList?

The Habeas SafeList is a DNS-based IP address listing of Habeas licensees, each of whom only sends email that meets stringent compliance requirements. The Habeas SafeList is the only whitelist where the senders are warranting the legitimacy of their emailing according to email industry best practices. If an IP address is on the Habeas SafeList, it is legitimate email that consumers want. ISPs and anti-spam solution providers can use the Habeas SafeList to quickly identify which inbound email is known to be spam-free. Using the Habeas SafeList, receivers realize the following benefits:

• More effectively allocate inbound mail server and anti-spam resources;
• Avoid false positives, where legitimate email is mistakenly identified and blocked as spam;
• Ensure your users receive the email they want, while still allowing tight anti-spam controls.

What headers must be added to messages being sent from a Safelisted IP address?

Messages sent from a SafeListed IP address must include the Accreditor header field with the headers of a message, along with a header specifying how complaints may be filed if the message in which the headers appears is spam. Depending upon how the sender's system is set up and the types of servers used, this will either be done on the sending server directly, or on another machine that relays the email on its way out to the Internet. The header field has two parts: the field name and the field value. The following two Habeas header field names and values must be inserted into the headers:

Accreditor: Habeas
X-Habeas-Report: Please report use of this mark in spam to www.habeas.com/report/

What are the requirements for inclusion on the Habeas Safelist?

In order to be included on the Habeas SafeList, senders must meet the following minimum requirements:

1. Senders must always obtain explicit consent from email recipients prior to sending messages to them, and, in general, use commonly accepted permission-based marketing practices.
2. Senders must provide a clearly visible and functional unsubscribe mechanism on all messages, and process requests within ten business days.
3. Senders must always use clear and accurate headers and subject lines that correctly identify the origin and content of the message.
4. Senders must include their valid physical postal address in all commercial emails.
5. Senders must have a removal policy for repeatedly bouncing email addresses.
6. Senders must never send to harvested addresses.
7. Senders must adhere to government legislation and regulations relating to email marketing practices.
8. Senders must publish a privacy policy on their web sites which clearly inform email recipients about how their personal information is used and shared.
9. Senders must have a mechanism for accepting and processing recipient complaints and abuse reports.
10. Senders must continually improve their business practices to stay current with changing standards and technologies.
11. Senders must have properly configured forward and reverse DNS records.
12. Senders must have properly configured MX records.
13. Senders must publish a valid WHOIS record.
14. Senders must ensure that their mail servers are secured against unauthorized relaying.
15. Senders must have functional postmaster and abuse mailboxes which are checked on a regular basis, and any complaints found must be handled promptly.
16. Senders must not be listed on any of the blocklists to which Habeas assigns a high weighting factor.

What changes to a sender's infrastructure and/or processes may be required in order to included on the Habeas Safelist?

Due to the fact that both the Habeas SafeList and Email Monitor rely on IP addresses in order to function properly, senders must send their mail from an IP address dedicated for their sole use in order to be included on the Habeas SafeList. Other unrelated organizations may not share that IP address. This requirement is not applicable if email is being distributed by a Habeas Partner.

If a sender's mailing list includes addresses which were acquired under differing permission policies, the sender must be able to segregate those email addresses and distribute them through separate IP addresses with similar permission levels.

Senders also must conform to the guidelines set forth in the knowledge base entry, "What are the requirements for inclusion on the Habeas SafeList?"

Under what circumstances would a domain or IP addresses be removed from the Habeas Safelist?

Before removing a domain or IP address from the Habeas SafeList, Habeas will make every effort to work with its licensees in order to avoid having to take such action. the following reasons could be cause for removal of a licensee's domains or IP addresses from the Habeas SafeList:

1. Excessive complaint volume;
2. Unheeded, negligent or untimely responses to recipient requests to be removed from the sender's mailing list;
3. Evidence that sender knowingly uses harvested email addresses;
4. Repeated complaints of a similar nature about the sender;
5. Demonstrated unwillingness of the sender to fix or otherwise improve email sending practices to remedy complaint or abuse causing behavior.
6. Sender's breach or non-compliance with the terms of the Master Service Agreement;
7. Clear evidence of the sender's use of email practices commonly associated with "spam" or "spamming" which occur after the date of signing the Master Service Agreement; and
8. Non-payment of fees due to Habeas.

How does Habeas verify compliance by Safelisted senders on an ongoing basis?

Habeas monitors adherence to the Habeas SafeList standards and the Master Service Agreement by reviewing complaint data it receives and through compliance tracking tools. Monitor resources include:

1. Complaint data results;
2. Domain use and affiliation reports;
3. Blocklist findings;
4. Email Monitor sending performance results; and
5. Unsubscribe functionality testing results.

How can a receiver obtain access to the Habeas SafeList?

The Habeas Receiver Partner Program, which includes access to the SafeList of Habeas Certified Senders, is open to all legitimate ISPs, MSP (Mail Service Providers) and anti-spam solution providers, large or small, private or enterprise, U.S. or international, at no cost.

SafeList Values
The following table shows the values which can be returned by the Habeas accredit server and their corresponding permission levels (Value : Permission Level):

• 10 : One-to-one (personal)
• 20 : Transactional
• 30 : Confirmed opt-in
• 40 : Personal Referral
• 50 : Single opt-in
• 60 : Registered but not certified

How does the Habeas Safelist benefit receivers?

Habeas serves as a trusted intermediary with access to sources of data on sender reputations. Our goal is to provide a system for recognizing commercial email senders with a proven level of performance, integrity and quality in their business practices that entitles them to the confidence of email recipients. ISPs and enterprises can improve spam control measures by filtering more aggressively with lower false positive rates. Moreover, ISPs and their customers will have a fast remedy if they should receive spam from a Habeas SafeListed sender.

What do I do if I receive spam from a Habeas Safelisted licensee?

Habeas offers two methods for reporting instances of suspected spam being sent by its licensees included on the SafeList. Recipients of spam may send a report to complaints@habeas.com.

Complaints and feedback will be used by Habeas to monitor the sender's compliance with our SafeList standards and improve the sender's emailing practices. Habeas will maintain complainants' anonymity and will only provide aggregated, anonymous feedback to the sender. Habeas will provide email addresses to the sender only for the purpose of unsubscribing recipients from its email list.