By forcing Domain Alignment you would inevitably sacrifice the ability to send marketing mails for a huge amount of mom-and-pop shops. Even destroy the business model of a couple of ESPs. I don't argue against it, on my platform here, we even go the next step and try to force our customers to even hide the used subdomain (5321.From == t.example.com | 5322.From == example.com) signed by example.com and our own domain. But we do this out of data protection reasoning, we simply don't want to handle "answers" of recipients.
I also think that even if you are a mom-and-pop shop you should get your own domain and not using gmail.com or whatever as your primary business contact. But we are not there yet and pushing to hard on this change would simply engage an even bigger unwillingness to change the status quo. The CSA requirements are being reevaluated every year and if the ISP representatives in the CSA counsel think it's time to tighten the rules it will happen. From my personal experience, they lag the ability to do an ongoing vetting of their members and it often hurts to see competitors not getting punished for obvious violations. But they bring something to the table that helps to clean up a lot of communication problems an ESP normally faces on the day to day operations. PS: i will bring the domain alignment issue as topic to the discussion for adding that as an requirement for the next iteration of the CSA rules... Kind regards, Tobias Herkula -- optivo GmbH Product Management (Infrastructure) ________________________________________ From: David Hofstee <opentext.dhofs...@gmail.com> Sent: Thursday, November 2, 2017 13:33 To: Tobias Herkula Cc: mailop@mailop.org Subject: Re: [mailop] About the Certified Senders Alliance Hi Tobias, > I'm working for an ESP who is member of the CSA and ECO and I'm one of the > biggest contender on the authentication requirements front, I don't think > that DMARC is an ESP responsibility, but think that an ESP should provide > everything necessary so that a Brand can use DMARC. So you agree with me? Good. > By forcing the ESP community of CSA to implement DMARC we would not help our > customers, we would simply give them a false feeling of having done > something, that does not solves the underlying problem. I did not say DMARC. I said DMARC-type authentication (SPF and DKIM aligned to sender domain). I specifically made that distinction because I agree that requiring (a) DMARC (policy) is not our job. That said: As an ESP you are not required to support DKIM and SPF aligned to the sender domain according to the CSA. Therefore an ESP could become a member and their customers may not be able to follow the advise to implement DMARC (as given in the guidelines, paragraph 3.10). Yours, David On 2 November 2017 at 13:00, Tobias Herkula <tobias.herk...@optivo.com<mailto:tobias.herk...@optivo.com>> wrote: I'm working for an ESP who is member of the CSA and ECO and I'm one of the biggest contender on the authentication requirements front, I don't think that DMARC is an ESP responsibility, but think that an ESP should provide everything necessary so that a Brand can use DMARC. By forcing the ESP community of CSA to implement DMARC we would not help our customers, we would simply give them a false feeling of having done something, that does not solves the underlying problem. Kind regards, Tobias Herkula -- optivo GmbH Product Management (Infrastructure) ________________________________________ From: mailop <mailop-boun...@mailop.org<mailto:mailop-boun...@mailop.org>> on behalf of David Hofstee <opentext.dhofs...@gmail.com<mailto:opentext.dhofs...@gmail.com>> Sent: Thursday, November 2, 2017 11:19 To: Alexander Zeh Cc: mailop@mailop.org<mailto:mailop@mailop.org> Subject: Re: [mailop] About the Certified Senders Alliance Hi Alexander, Welcome to Mailop. A few somewhat criticising questions on the CSA: - Complaint policy: What is the complaint policy for recipients? I tried to find it, but could not. Is anonymity guaranteed? Also not available in the data protection policy as found on the website. Please consider creating one. - Oversight: Do you have a group of people that monitor compliance of senders (and not just complaints)? - Unsubscribing. I subscribed to a few newsletters but I seem to notice a high "does not follow policy"-rate. Two examples (of 3 subscriptions, headers provided below): - Size of message: Google clips large messages. This is often where the unsubscribe link is. I did not see an unsubscribe link in this message. - List-Unsubscribe: Missing the required URL (requirement 2.21 of your admission criteria, see https://certified-senders.org/wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf ). Were these not tested at admission? - Leadership: I think the authentication requirements in your policy are outdated. An ESP does not even need to support DMARC-type authentication nor is it a requirement for its customers to prove they are the real senders. Do you agree? Do you think the CSA should lead in setting requirements on these topics? Is the CSA able to change such requirements? Or is the CSA afraid of the current customer base (who might protest to adding authentication)? I would like to hear CSA's opinion on that. Yours, David Example of message too large; the unsubscribe link is no longer visible in Gmail: X-CSA-Complaints: whitelist-complai...@eco.de<mailto:whitelist-complai...@eco.de><mailto:whitelist-complai...@eco.de<mailto:whitelist-complai...@eco.de>> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----msg_border_bwvxxxxx" Date: Thu, 14 Sep 2017 22:01:07 -0700 To: xyz From: HSE24 TV Programm <newslet...@angebote.hse24.de<mailto:newslet...@angebote.hse24.de><mailto:newslet...@angebote.hse24.de<mailto:newslet...@angebote.hse24.de>>> Reply-To: HSE24 TV Programm <serv...@hse24.de<mailto:serv...@hse24.de><mailto:serv...@hse24.de<mailto:serv...@hse24.de>>> Subject: Hui...jetzt wird's richtig stylisch Example of List-Unsubscribe not having URL: Date: Wed, 25 Oct 2017 15:01:33 +0000 (GMT) From: TUI <t...@email.tui.nl<mailto:t...@email.tui.nl><mailto:t...@email.tui.nl<mailto:t...@email.tui.nl>>> Reply-To: t...@email.tui.nl<mailto:t...@email.tui.nl><mailto:t...@email.tui.nl<mailto:t...@email.tui.nl>> To: xyz Message-ID: <43699742.JavaMail.app@rbg62.f2is> Subject: Welkom bij TUI MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_334583_459599753.150234563453456" x-mid: 2369485 X-CSA-Complaints: whitelist-complai...@eco.de<mailto:whitelist-complai...@eco.de><mailto:whitelist-complai...@eco.de<mailto:whitelist-complai...@eco.de>> x-rpcampaign: sp2375598 Feedback-ID: pod6_15062_2375598_891291414:pod6_15062:ibmsilverpop x-job: 2375598 x-orgId: 15062 List-Unsubscribe: <mailto:v-removed-for-an...@bounce.email.tui.nl<mailto:v-removed-for-an...@bounce.email.tui.nl><mailto:v-removed-for-an...@bounce.email.tui.nl<mailto:v-removed-for-an...@bounce.email.tui.nl>>?subject=Unsubscribe> On 1 November 2017 at 17:33, Alexander Zeh <alexander....@eco.de<mailto:alexander....@eco.de><mailto:alexander....@eco.de<mailto:alexander....@eco.de>>> wrote: Hello everyone, a friend informed me about a topic going on about the Certified Senders Alliance on this mailing list. That’s why I joined it. I work for the CSA for many years now. First and foremost of all: It is definitely not true that a sender can join the CSA without any vetting. That statement bothered me a lot, because it’s a plain lie. Maybe because important information was lost in some communication between more than two parties, I don’t want to assume ill intent by anybody. In fact from every sender who wants to get certified and be whitelisted only about 10% make it through the whole process and are approved. Btw: the certification needs to be confirmed by the certification committee in which 2 seats out of 4 are major ISP partners. I totally agree that if you have delivery issues it shouldn’t be the first step to reach out any certification program to fix it. And this is not how CSA works. If a sender has delivery issues, in 99% these problems are justified and self made. So what the CSA does is, that in the process we find potential issues and help senders to align with current best practices aka. the CSA admission criteria. This whole process can take weeks and months and still many senders don’t achieve a certification in the end, because we take that very serious. Anybody on this mailing list, please feel free to have a look at our criteria and see for yourself if they are reasonable or not. As everything we do is completely transparent, you can find them on https://certified-senders.org/library either at the end, or you can select the type “CSA specific” to filter. Sorry about this rant-ish post, but we try our best to improve overall quality of senders, so the initial post kind of annoyed me. Anyway. I am open for discussion either here, direct with me or for example on the next M3AAWG meeting in person. Best Alex -- Best regards Alexander Zeh Engineering Manager --------------------------------------------------- eco - Association of the Internet Industry Certified Senders Alliance Lichtstrasse 43h 50825 Cologne Germany phone: +49 (0) 221 - 70 00 48 - 171<tel:%2B49%20%280%29%20221%20-%2070%2000%2048%20-%20171><tel:+49%20221%20700048171> fax: +49 (0) 221 - 70 00 48 - 111<tel:%2B49%20%280%29%20221%20-%2070%2000%2048%20-%20111><tel:+49%20221%20700048111> mobile: +49 (0) 171 - 657 2628<tel:%2B49%20%280%29%20171%20-%20657%202628><tel:+49%20171%206572628> e-mail: alexander....@eco.de<mailto:alexander....@eco.de><mailto:alexander....@eco.de<mailto:alexander....@eco.de>> web: http://www.eco.de --------------------------------------------------- eco - Association of the Internet Industry CEO: Harald A. Summa Executive board: Prof. Michael Rotert (Chairman), Oliver Süme (Deputy Chairman), Klaus Landefeld, Felix Höger, Prof. Dr. Norbert Pohlmann Register of Associations: District court (Amtsgericht) Cologne, VR 14478 Registered office: Cologne _______________________________________________ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org><mailto:mailop@mailop.org<mailto:mailop@mailop.org>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- -- My opinion is mine. _______________________________________________ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- -- My opinion is mine. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
