[smf]

Apologies for not being clearer on this, I'm generally talking about marketing messages when I say "not keeping in touch".

My point here is "consent to send", e.g. I think most people would find that someone importing a years old list of email addresses and then suddenly sending marketing messages is unacceptable and constitutes spam.

If you're "doing it right", then "touching" your customers with a once a year "Hey, we haven't seen you in a while" message is absolutely fine and generally a good thing to do as it maintains consent, because they can unsubscribe if they're no longer interested (as they might have forgotten they signed-up or had an account).

If someone hasn't logged into your "service" for >1 year and now wants to do a password reset several years later, then I would say that is entirely different.

We generally try our hardest to handle this case without it causing a listing if you hit our traps with something like this.