1. What Is This Policy?
This Research Policy explains how Verifox (verifox.ai) uses aggregated and anonymised data to conduct research into email deliverability trends, SMTP infrastructure patterns, domain security (DMARC/SPF/DKIM adoption), and related topics. We publish research findings to contribute to the broader understanding of email security and deliverability.
This policy does not govern our processing of personal data for the purpose of delivering verification services to customers — that is covered by our Privacy Policy and GDPR Compliance page.
2. Data Used in Research
Our research uses only aggregated and anonymised data derived from our platform operations. We do not use individual email addresses, customer identities, or personal data in research outputs. The data we use includes:
- SMTP response codes: Anonymised counts of deliverability outcomes (valid, invalid, risky, catch-all) by domain-level infrastructure type
- Domain-level MX/DMARC/SPF/DKIM statistics: Configuration quality scores and adoption rates across industry segments
- Email infrastructure trends: Growth in adoption of email authentication standards over time, aggregated by country or industry
- Verification volume trends: Overall platform usage statistics, not attributable to individual customers
3. Opt Out of Aggregated Research
While our aggregated research data is de-identified and cannot be used to identify individuals, some enterprise customers prefer to exclude their usage from research datasets entirely. Enterprise customers may opt out of having their usage included in aggregated research by:
- Contacting support@verifox.ai with the subject "Research Opt-Out"
- Navigating to Settings > Privacy > Research Data in your account dashboard
Opting out of research use does not affect your ability to use any Verifox features or your subscription pricing.
4. Publication Standards
When we publish research reports or blog posts based on platform data, we adhere to the following standards:
- All published statistics are based on samples of at least 10,000 data points to prevent statistical de-identification.
- Industry or country breakdowns are only published when the segment contains at least 1,000 data points.
- No individual customer, domain (where that domain could identify a specific company), or person is identified in published research.
- Research is reviewed by our DPO before publication to ensure consistency with our data protection obligations.
5. SMTP Probing and Third-Party Mail Servers
Our core verification service involves making SMTP connections to third-party mail servers to test whether an email address is deliverable. We operate this service responsibly:
- We never send actual email messages — we disconnect before the DATA stage of the SMTP handshake.
- We implement rate limiting per domain to avoid impacting mail server performance.
- We honour SPF-based blocking and do not attempt to circumvent anti-abuse measures.
- We maintain clean sending IP reputation through careful abuse prevention and our Terms of Service.
- We comply with RFC 5321 and respect standard SMTP conventions.
6. Academic and Third-Party Research Partnerships
From time to time, Verifox may partner with academic institutions or third-party researchers to conduct studies on email security trends. Any such partnerships will be governed by a data access agreement that restricts the partner's use of data to the approved research purpose, prohibits re-identification, and requires pre-publication review. We will update this policy when new research partnerships are established.
For research collaboration inquiries, contact support@verifox.ai.
This document was last updated on March 27, 2026. If you have questions about this policy, please contact support@verifox.ai.