Introduction and Purpose
This document sets forth the principles, guidelines and requirements of the Acceptable Use Policy of GramTel USA, Inc. ("Company") and subsidiaries governing the use by the Customer ("Customer") of the Company's services and products ("Services and Products"). The Purpose of Company's Acceptable Use Policy, hereinafter referred to as the AUP, is to comply with all federal, state, and local laws coupled with protecting the network security, network availability, physical security, Customer privacy, and other factors affecting the services provided by Company. Company reserves the right to impose reasonable rules and regulations regarding the use of its services provided to all Customers and such rules and regulations are subject to change. Such rules and regulations are located on the Internet at http://www.gramtel.net. The AUP is not an all inclusive exhaustive list and Company reserves the right to modify the AUP at any time as needed, effective upon either the posting of the modified AUP to http://www.gramtel.net or notification to the Customer via email. Acceptance and execution of the Services Agreement binds all parties to Company stated AUP at the time the contract is executed and as modified from time to time. Any violation of the AUP may result in the suspension or termination of Customer account(s) or such other action as Company deems appropriate. No credits will be issued for any interruption in service resulting from policy violations

VIOLATION OF ANY SECTION OF THE AUP IS STRICTLY PROHIBITED AND MAY RESULT IN THE IMMEDIATE TERMINATION OR SUSPENSION OF THE SERVICES CUSTOMER RECEIVES FROM COMPANY.

Any questions or comments regarding the AUP should be directed to abuse@gramtel.net

Compliance with Law

Customer shall not post, transmit, re-transmit or store material on or through any of Services or Products which, in the sole judgment of the Company (i) is in violation of any local, state, federal or non-United States law or regulation, (ii) threatening, obscene, indecent, defamatory or that otherwise could adversely affect any individual, group or entity (collectively, "Persons") or (iii) violates the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Customer. Customer shall be responsible for determining what laws or regulations are applicable to its use of the Services and Products.

Customer Security Obligation

Each Customer must use reasonable care in keeping each server or network devices attached to Company infrastructure up-to-date and patched with the latest security updates. Failure to use reasonable care to protect a server may result in a security compromise by outside sources. Company is not responsible for Customer server level security unless a security administration package, firewall security administration package or fully managed operating system package is contracted for and maintained. A compromised server creating network interference will result in immediate Customer notification and will be disconnected from the network immediately so as to not directly affect other Customers. No service credits will be issued for outages resulting from disconnection due directly to breached server security. The Customer is solely responsible for any breaches of security affecting servers under Customer control, including repairing the system, terminating the account(s) of the abusive user(s), and reporting occurrence of the issue to abuse@gramtel.net. If a Customer intentionally creates a security breach, the cost to resolve any damage to Customer's server or other servers will be charged directly to the Customer. The labor used to resolve such damage is categorized as emergency security breach recovery and is currently charged at $100.00 USD per hour.

System and Network Security

Violations of system or network security are strictly prohibited, and may result in criminal and civil liability. Company investigates all incidents involving such violations and will cooperate with law enforcement if a criminal violation is suspected.

Examples of system or network security violations include, without limitation, the following:

1. Introduction of malicious programs into the network or server (example: viruses, worms, Trojan Horses, key loggers, and other executables intended to inflict harm).
   
2. Effecting security breaches or disruptions of Internet communication and/or connectivity. Security breaches include, but are not limited to, accessing data of which the Customer is not an intended recipient or logging into a server or account that the Customer is not expressly authorized to access. For purposes of this section, "disruption" includes, but is not limited to port scans, flood pings, email-bombing, packet spoofing, IP spoofing and forged routing information.
   
3. Executing any form of network activity that will intercept data not intended for the Customer's server.
   
4. Circumventing user authentication or security of any host, network or account, including “cracking.”
   
5. Interfering with or denying service to any user, host, or network other than the Customer's host (example: denial of service attack or distributed denial of service attack).
   
6. Conduct designed to avoid restrictions or access limits to specific services, hosts, or networks, including but not limited to the forging of packet headers (“spoofing”) or other identification information.
   
7. Using any program script/command, or sending messages of any kind, designed to interfere with or to disable, a user's terminal session, via any means, locally or via the Internet.
   
8. Failing to comply with the Company's procedure relating to the activities of Customers on the Company's premises. Violators of the policy are responsible, without limitations, for the cost of labor to correct all damage done to the operation of the network and business operations supported by the network. Such labor is categorized as emergency security breach recovery and is currently charged at $100.00 USD per hour required. Network interference by any Customers that may cause or is currently causing network interference with another Customer will be disconnected immediately. No service credits will be issued to Customers disconnected for network violations.

Internet Etiquette

Each Customer is expected execute reasonable Internet etiquette (Netiquette), the accepted behavior and expectations of the Internet community. The Customer will comply with the rules appropriate to any network to which Company may provide access. The Customer should not post, transmit, or permit Internet access to information the Customer desires to keep confidential. The Customer is not permitted to post any material that is illegal, libelous, and tortuous, indecently depicts children or is likely to result in retaliation against Company by offended users. Company reserves the right to refuse or terminate service at any time for violation of this section. This includes advertising services or sites via IRC or USENET in clear violation of the policies of the IRC channel or USENET group.

Child Pornography

Company will cooperate fully with any criminal investigation into a Customer's violation of the Child Protection Act of 1984 concerning child pornography. Customers are ultimately responsible for the actions of their clients over Company network, and will be liable for illegal material posted by their clients.

According to the Child Protection Act, child pornography includes photographs, films, video or any other type of visual presentation that shows a person who is or is depicted as being under the age of eighteen years and is engaged in or is depicted as engaged in explicit sexual activity, or the dominant characteristic of which is the depiction, for a sexual purpose, of a sexual organ or the anal region of a person under the age of eighteen years or any written material or visual representation that advocates or counsels sexual activity with a person under the age of eighteen years.

Violations of the Child Protection Act should be reported to the U.S. Customs Agency at 1-800-BEALERT.

Copyright Infringement

Company datacenter infrastructure including network, leased hardware, co-location services, and other hardware located in the facility may only be used for lawful purposes. Transmission, distribution, or storage of any information, data or material in violation of United States or state regulation or law, or by the common law, is prohibited. This includes, but is not limited to, material protected by copyright, trademark, trade secret, or other intellectual property rights; including creating, utilizing, distributing unauthorized copies of software, or the use of BitTorrent or other types of technologies utilized in the distribution of illegally copied materials. If Customer copies, distributes or installs software in defiance of the license agreement, Customer is violating federal copyright law. Company will cooperate with all law enforcement agencies in relation to alleged copyright infringement housed in our datacenters.

Please see Copyright Infringement Reporting for procedures on disclosing alleged copyright infringement located at http://www.gramtel.net.

Repeated violations of GramTel's Copyright Infringement Policy could result in permanent suspension of customer's account.

Hosting Policy

Data Unlawful or Against the AUP: Promoting violation of the law or the AUP by hosting data that facilitates the violation is prohibited, including but not limited to:

• Hosting web pages that detail the methodology of committing unlawful acts, or acts violating this AUP.
• Hosting software, scripts, or other resources intended to facilitate committing unlawful acts, or acts violating this AUP.
• Advertising, transmitting, storing, or using any software, script, program, product, or service designed to violate this AUP
• Harvesting. The collection of email addresses, credit card information, or other personal information for fraudulent use or sale is prohibited
• Phishing. Hosting web pages with forwards to, containing scripts or executables for, or any other component of an operation designed to fraudulently collect authentication, credit card, names, addresses, or any other personal data (“phishing”) is not permitted.
• Spamvertised Sites. Hosting web pages advertised by spam sent from another network (“spamvertised”) is not permitted.

Email Policy

Email Spam. Company has a zero stance policy on SPAM, Junk E-mail or UCE. Spam, Junk-mail and UCE are defined as: the sending of the same, or substantially similar, unsolicited electronic mail messages, whether commercial or not, to more than one recipient. A message is considered unsolicited if it is posted in violation of a newsgroup charter or if it is sent to a recipient who has not requested or invited the message. UCE also includes e-mail with forged headers, compromised mail server relays, and false contact information. This prohibition extends to the sending of unsolicited mass mailings from another service, which in any way implicates the use of Company whether or not the message actually originated from our network.

Block Removal. If Customer actions have caused Company mail servers or Company IP address ranges to be placed on black hole lists and other mail filtering software systems used by companies on the internet, Customer will be assessed a $100 charge to Customer account and $100 per hour for administrative charges incurred to remove and protect mail servers and IP ranges.

• Drop-Box Accounts. Using this network for the receipt of replies to unsolicited mass email (spam) sent from a third-party network is prohibited.
• Header Forgery: Forgery of email headers (“spoofing”) is prohibited.
• Proxy Spamming: Spamming via third-party proxy, aggregation of proxy lists, or installation of proxy mailing software is prohibited.
• Relaying. Configuration of a mail server to accept and process third-party messages for sending without user identification and authentication is prohibited.

Mass Mailings: Sending mass unsolicited email is considered spam. Unsolicited email is defined as email sent to a recipient who has not double-opted in to mailings from the Customer. Senders of mass mailings must maintain complete and accurate records of all opt-ins, including the email and its headers if applicable, and provide such records to Company upon request. If positive and verifiable proof of opt-in cannot be provided, complaints from recipients of the mailing are considered proof they did not subscribe and the mailing is unsolicited.

Mailing Lists: Company's mass mailing rules also apply to mailing lists, list servs, or mailing services contracted for by Customer. The policy is stated as follows: An acceptable mailing list will be focused at a targeted audience that has voluntarily signed up for e-mail information using a double opt-in process or that has made their e-mail address available to Customer for distribution of information. The list must also allow for automatic removal by all end Customers with non-distribution in the future.

Fraud Policy

By agreeing to this AUP, Customer affirms that the contact and payment information provided to Company identifies Customer and that Customer is authorized to use the payment method. Commitment of fraud, obtaining services, or attempting to obtain services by any means or device with intent to avoid payment is prohibited.

IP Allocation

Company administers an Internet network on which multiple Customer servers reside. Customers shall NOT use IP addresses that were not assigned to them by the NOC staff or network administrators. Any server utilizing IP addresses outside of the assigned range will be suspended from network access until such time as the IP addresses overlap can be corrected. Use of an unauthorized IP address will result in a charge of $20 per IP. Use of an unauthorized IP address creating a third party Customer outage will result in a $100 charge and termination of service until the IP allocation is resolved.

IRC Policy

Company allows stand alone IRC servers which are not connected to global IRC networks such as Undernet, EFnet, DALnet and other IRC networks. IRC servers which establish and maintain connections to global IRC networks such as Undernet, EFnet, DALnet and others will be considered to be in violation of the Acceptable Use Policy.

Company does not allow IRC plug-ins, scripts, add-ons, clones or other software that has the intent or effect of disrupting or denying service to other users. Harassing, disrupting or denying service to other users is expressly prohibited, and may result in the immediate suspension or cancellation of Customer account(s).

If IRC servers attract DoS or DDoS attacks that disrupts or denies service to other Customers, Company will null-route, ACL or otherwise suspend service to maintain quality of service for other Customers on our network.

Company allows the limited use of stand-alone IRC “bots”. Company prohibits the use of “botnets”. Customer IRC server may run a “bot”, but Customer may not join a “botnet”. The use of IRC BNC’s or other proxy and re-direction software is expressly prohibited.

For the purposes of policy enforcement, any malicious activity observed to originate from a Customer’s server may result in the immediate suspension of service to the offending Customer’s server without prior notice. Frequently compromised servers may be reviewed for account termination on a case-by-case basis. The purpose of this case-by-case review is to deter AUP prohibited activity from occurring under the blanket excuse of a “compromised server.”

Harassing, abusive and aggressive IRC activity is prohibited. This includes ‘flooding’ (rapid transmission of information with the intent to harass or deny service), ‘hijacking’ (taking improper or unauthorized control of channel or server operator privileges), sending messages to users who do not want them, attempting to circumvent a channel or server ban, impersonating other IRC users and other abusive IRC behavior as determined by Company.

Company reserves the right to modify or amend the IRC policy at any time.

Reseller Policy

Resellers are responsible for the conduct of their Customers and by agreeing with this AUP, agree that their Customers will adhere to the AUP. Resellers should make their perspective Customers aware of the AUP and the consequences for violation.

Usenet Policy

E Usenet posts must conform to standards established by the Internet community. Prohibited acts include, but are not limited to, the following:

• Posting of articles and/or URLs for commercial purposes, except where permissible by the charter or FAQ of that particular group and adhering to the topic of said group.
• Posting of binary files to groups who do not allow for binary posts in the charter of by the name of the group.
• Excessive cross-posting and/or excessive multi-posting, considered to be the equivalent of Usenet spamming. Company reserves sole authority of determining posts constituting excessive cross- or multi-posted.
• Canceling of posts other than Customers own posts.
• Using auto-responders or cancel-bots.
• Unauthorized creation, cancellation, or removal of newsgroups.

Note: While legitimacy of a posting is generally determined by a moderator, Company reserves sole authority of determining post legitimacy.

Suspension and Cancellation

Company will use reasonable care in notifying the Customer and in resolving the problem in a method resulting in the least amount of service interference as reasonably possible. Company reserves the sole right to suspend service to any Customer located in our datacenter for violation of the AUP without notice. Company reserves the right to terminate service without notice for any violations of the AUP.

Violations of the AUP will result in the following:

• A warning notification via email, Orbit trouble ticket or telephone with 72 hours notice for resolution.  

72 hours is the standard notification; situations involving law enforcement, phishing, fraud, password harvesting, network interference, Denial or Disruption of service, IRC mis-use, or other malicious activity can reduce the notification time frame.

Failure to resolve the AUP violation within 72 hours will result in the following:

• Removal of the violating content or service
• Removal of DNS for the server
• Temporary shutdown of the server
• Block on outgoing mail
• IP address routing to null

Repeat violation of the above terms will result in the following actions.

• Immediate disconnection of service with no re-activation.
• $100 fee assessed to Customer account for violation.