Anti-Spam and Electronic Communications Standard
Home - Anti-Spam Policy
About This Policy
This Anti-Spam and Electronic Communications Standard establishes the framework for the responsible use of AWEC's electronic communication systems. It is designed to prevent the misuse of AWEC domains, email accounts, websites, and digital platforms for spam, phishing, fraudulent communications, malware distribution, or any other unauthorized electronic activity. This policy aims to protect AWEC’s reputation, information systems, partners, donors, beneficiaries, and stakeholders while ensuring compliance with applicable national and international laws governing electronic communications and data protection.
1. Purpose
The purpose of this Annex is to establish standards for the responsible use of AWEC electronic communication systems and to prevent the misuse of AWEC domains, email accounts, websites, and digital platforms for spam, phishing, fraudulent communications, malware distribution, or any other unauthorized electronic activity. This Annex aims to protect AWEC’s reputation, information systems, partners, donors, beneficiaries, and stakeholders while ensuring compliance with applicable national and international laws governing electronic communications and data protection.
2. Scope
This Annex applies to all AWEC employees, interns, volunteers, consultants, contractors, board members, temporary staff, and any third party authorized to use AWEC information systems or communicate on behalf of AWEC. It covers all electronic communications transmitted through AWEC-owned or managed systems, including email accounts, mailing lists, websites, online platforms, social media accounts, and cloud-based communication tools.
3. Anti-Spam Commitment
AWEC maintains a zero-tolerance approach toward spam and unsolicited electronic communications. No individual or entity acting on behalf of AWEC may use AWEC systems, domains, or services to transmit unsolicited bulk messages, deceptive communications, or promotional content without an appropriate legal basis and, where required, the informed consent of recipients. AWEC is committed to ensuring that all electronic communications are lawful, transparent, relevant, and respectful of recipient privacy.
4. Prohibited Activities
The use of AWEC systems for unsolicited bulk emailing, commercial spam, phishing, fraud, malware distribution, chain letters, misleading fundraising appeals, or deceptive marketing practices is strictly prohibited. Users shall not purchase, rent, harvest, scrape, or otherwise acquire email addresses through unauthorized means for communication purposes. Users are also prohibited from disguising or falsifying sender identities, email headers, routing information, domain names, or any other information intended to conceal the true origin of a message. The transmission of messages containing malicious links, harmful attachments, or content that violates AWEC policies, donor requirements, or applicable laws is prohibited.
5. Authorized Mass Communications
Mass communications, newsletters, fundraising appeals, event announcements, awareness campaigns, and other bulk electronic communications may only be distributed through approved channels and with prior authorization from management or designated communication personnel. Such communications must contain accurate sender information, a clear and truthful subject line, relevant content, and contact details sufficient to identify AWEC as the sender. Where legally required, recipients shall be provided with a clear and functioning mechanism to unsubscribe or opt out of future communications.
6. Data Protection and Consent
AWEC shall collect, store, and process email addresses and contact information in accordance with its Data Protection and Privacy requirements. Personal contact information may only be used for legitimate organizational purposes and shall not be shared, sold, exchanged, or disclosed to unauthorized third parties. Where consent is required for electronic communications, AWEC shall maintain reasonable records demonstrating that such consent was obtained. Individuals who withdraw consent or request removal from mailing lists shall be removed within a reasonable period and no later than ten business days.
7. Email Security Requirements
All users shall exercise caution when sending and receiving electronic communications. Employees must verify recipient addresses before transmitting sensitive information and should avoid opening suspicious attachments or clicking unverified links. AWEC may implement technical safeguards including spam filtering, email authentication protocols, malware detection systems, domain protection mechanisms, and monitoring controls to reduce the risk of abuse, spoofing, phishing, and unauthorized access. Users shall not attempt to bypass or disable these security controls.
8. Third-Party Communications
Any vendor, consultant, service provider, partner organization, or third-party representative authorized to communicate on behalf of AWEC must comply with this Annex and all applicable legal requirements. Agreements with third parties should include provisions requiring compliance with anti-spam, cybersecurity, confidentiality, and data protection standards. AWEC reserves the right to suspend, terminate, or take legal action against any third party that engages in activities that compromise the integrity of AWEC systems or violate this Annex.
9. Monitoring and Investigation
AWEC reserves the right to monitor, review, audit, and investigate the use of its electronic communication systems to ensure compliance with organizational policies, contractual obligations, and legal requirements. Monitoring activities shall be conducted in accordance with applicable privacy and confidentiality requirements. Evidence of spam activity, phishing attempts, unauthorized mass communications, domain abuse, or other violations may be retained for investigative, disciplinary, legal, or regulatory purposes.
10. Reporting Suspected Abuse
Any employee, partner, donor, beneficiary, vendor, or member of the public who suspects that AWEC systems, domains, or email addresses are being used for spam, phishing, fraudulent activity, or other unauthorized purposes should immediately report the matter to complaints@awec.info . Reports should include, where possible, copies of the relevant communications, email headers, screenshots, links, or other supporting evidence to facilitate investigation.
11. Legal and Regulatory Compliance
All electronic communications conducted through AWEC systems shall comply with applicable laws, regulations, donor requirements, and contractual obligations relating to electronic communications, privacy, cybersecurity, and data protection. This includes compliance with relevant provisions of the CAN-SPAM Act, the Canadian Anti-Spam Legislation (CASL), the General Data Protection Regulation (GDPR), Afghan legal requirements, and any other applicable international standards.
12. Violations and Disciplinary Measures
Any violation of this Annex may result in disciplinary action, including suspension of system access, written warnings, termination of employment or contractual relationships, recovery of losses, referral to law enforcement authorities, civil legal action, or any other corrective measure deemed appropriate by AWEC management. Where a violation results in reputational damage, financial loss, security breaches, or legal liability, AWEC reserves the right to pursue all available remedies.
13. Roles and Responsibilities
All users of AWEC information systems are responsible for complying with this Annex and for reporting suspected violations. Managers are responsible for ensuring that staff under their supervision understand and comply with these requirements. The Information Technology Department is responsible for implementing technical controls, supporting investigations, maintaining security measures, and advising management on risks related to electronic communications. Senior Management is responsible for ensuring organizational compliance and enforcing corrective actions when necessary.