Hi Tobias, > I'm working for an ESP who is member of the CSA and ECO and I'm one of the biggest contender on the authentication requirements front, I don't think that DMARC is an ESP responsibility, but think that an ESP should provide everything necessary so that a Brand can use DMARC. So you agree with me? Good.
> By forcing the ESP community of CSA to implement DMARC we would not help our customers, we would simply give them a false feeling of having done something, that does not solves the underlying problem. I did not say DMARC. I said DMARC-type authentication (SPF and DKIM aligned to sender domain). I specifically made that distinction because I agree that requiring (a) DMARC (policy) is not our job. That said: As an ESP you are not required to support DKIM and SPF aligned to the sender domain according to the CSA. Therefore an ESP could become a member and their customers may not be able to follow the advise to implement DMARC (as given in the guidelines, paragraph 3.10). Yours, David On 2 November 2017 at 13:00, Tobias Herkula <tobias.herk...@optivo.com> wrote: > I'm working for an ESP who is member of the CSA and ECO and I'm one of the > biggest contender on the authentication requirements front, I don't think > that DMARC is an ESP responsibility, but think that an ESP should provide > everything necessary so that a Brand can use DMARC. By forcing the ESP > community of CSA to implement DMARC we would not help our customers, we > would simply give them a false feeling of having done something, that does > not solves the underlying problem. > > Kind regards, > > Tobias Herkula > -- > optivo GmbH > Product Management (Infrastructure) > ________________________________________ > From: mailop <mailop-boun...@mailop.org> on behalf of David Hofstee < > opentext.dhofs...@gmail.com> > Sent: Thursday, November 2, 2017 11:19 > To: Alexander Zeh > Cc: mailop@mailop.org > Subject: Re: [mailop] About the Certified Senders Alliance > > Hi Alexander, > > Welcome to Mailop. A few somewhat criticising questions on the CSA: > - Complaint policy: What is the complaint policy for recipients? I tried > to find it, but could not. Is anonymity guaranteed? Also not available in > the data protection policy as found on the website. Please consider > creating one. > - Oversight: Do you have a group of people that monitor compliance of > senders (and not just complaints)? > - Unsubscribing. I subscribed to a few newsletters but I seem to notice a > high "does not follow policy"-rate. Two examples (of 3 subscriptions, > headers provided below): > - Size of message: Google clips large messages. This is often where > the unsubscribe link is. I did not see an unsubscribe link in this message. > - List-Unsubscribe: Missing the required URL (requirement 2.21 of > your admission criteria, see https://certified-senders.org/ > wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf ). Were these not > tested at admission? > - Leadership: I think the authentication requirements in your policy are > outdated. An ESP does not even need to support DMARC-type authentication > nor is it a requirement for its customers to prove they are the real > senders. Do you agree? Do you think the CSA should lead in setting > requirements on these topics? Is the CSA able to change such requirements? > Or is the CSA afraid of the current customer base (who might protest to > adding authentication)? I would like to hear CSA's opinion on that. > > Yours, > > > David > > Example of message too large; the unsubscribe link is no longer visible in > Gmail: > X-CSA-Complaints: whitelist-complai...@eco.de<mailto:whitelist-complaints@ > eco.de> > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="----msg_border_bwvxxxxx" > Date: Thu, 14 Sep 2017 22:01:07 -0700 > To: xyz > From: HSE24 TV Programm <newslet...@angebote.hse24.de<mailto: > newslet...@angebote.hse24.de>> > Reply-To: HSE24 TV Programm <serv...@hse24.de<mailto:serv...@hse24.de>> > Subject: Hui...jetzt wird's richtig stylisch > > Example of List-Unsubscribe not having URL: > Date: Wed, 25 Oct 2017 15:01:33 +0000 (GMT) > From: TUI <t...@email.tui.nl<mailto:t...@email.tui.nl>> > Reply-To: t...@email.tui.nl<mailto:t...@email.tui.nl> > To: xyz > Message-ID: <43699742.JavaMail.app@rbg62.f2is> > Subject: Welkom bij TUI > MIME-Version: 1.0 > Content-Type: multipart/alternative; boundary="----=_Part_334583_ > 459599753.150234563453456" > x-mid: 2369485 > X-CSA-Complaints: whitelist-complai...@eco.de<mailto:whitelist-complaints@ > eco.de> > x-rpcampaign: sp2375598 > Feedback-ID: pod6_15062_2375598_891291414:pod6_15062:ibmsilverpop > x-job: 2375598 > x-orgId: 15062 > List-Unsubscribe: <mailto:v-removed-for-an...@bounce.email.tui.nl<mailto: > v-removed-for-an...@bounce.email.tui.nl>?subject=Unsubscribe> > > > On 1 November 2017 at 17:33, Alexander Zeh <alexander....@eco.de<mailto:a > lexander....@eco.de>> wrote: > Hello everyone, > > a friend informed me about a topic going on about the Certified Senders > Alliance on this mailing list. That’s why I joined it. > I work for the CSA for many years now. > First and foremost of all: > It is definitely not true that a sender can join the CSA without any > vetting. That statement bothered me a lot, because it’s a plain lie. Maybe > because important information was lost in some communication between more > than two parties, I don’t want to assume ill intent by anybody. In fact > from every sender who wants to get certified and be whitelisted only about > 10% make it through the whole process and are approved. Btw: the > certification needs to be confirmed by the certification committee in which > 2 seats out of 4 are major ISP partners. > I totally agree that if you have delivery issues it shouldn’t be the first > step to reach out any certification program to fix it. And this is not how > CSA works. If a sender has delivery issues, in 99% these problems are > justified and self made. So what the CSA does is, that in the process we > find potential issues and help senders to align with current best practices > aka. the CSA admission criteria. This whole process can take weeks and > months and still many senders don’t achieve a certification in the end, > because we take that very serious. > Anybody on this mailing list, please feel free to have a look at our > criteria and see for yourself if they are reasonable or not. As everything > we do is completely transparent, you can find them on > https://certified-senders.org/library either at the end, or you can > select the type “CSA specific” to filter. > > Sorry about this rant-ish post, but we try our best to improve overall > quality of senders, so the initial post kind of annoyed me. > > Anyway. I am open for discussion either here, direct with me or for > example on the next M3AAWG meeting in person. > > Best > Alex > > > -- > > Best regards > > > Alexander Zeh > > > Engineering Manager > > > --------------------------------------------------- > > > eco - Association of the Internet Industry > > Certified Senders Alliance > > > Lichtstrasse 43h > > 50825 Cologne > > Germany > > > phone: +49 (0) 221 - 70 00 48 - 171<tel:+49%20221%20700048171> > > fax: +49 (0) 221 - 70 00 48 - 111<tel:+49%20221%20700048111> > > mobile: +49 (0) 171 - 657 2628<tel:+49%20171%206572628> > > e-mail: alexander....@eco.de<mailto:alexander....@eco.de> > > web: http://www.eco.de > > > --------------------------------------------------- > > > eco - Association of the Internet Industry > > CEO: Harald A. Summa > > Executive board: Prof. Michael Rotert (Chairman), Oliver Süme (Deputy > > Chairman), Klaus Landefeld, Felix Höger, Prof. Dr. Norbert Pohlmann > > Register of Associations: District court (Amtsgericht) Cologne, VR 14478 > > Registered office: Cologne > > _______________________________________________ > mailop mailing list > mailop@mailop.org<mailto:mailop@mailop.org> > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > > -- > -- > My opinion is mine. > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > -- -- My opinion is mine.
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop