Opposite experience also for me.
Working in the past for an ESP (that was both SuretyMail and CSA
certified) I received some complaints from CSA.
The complaint process asks also to demonstrate that the data was
correctly collected (site, timestamps, IP, privacy statement accepted,
privacy flag text on the form).
They seems to work as "arbitrator" but:
* complaints sometimes comes after months from the user and they
always accept them (very strange that it happens seems to be forged)
* they keep sometimes the complaint for a long period (also months)
before ask for the data
* as ESP we was asking to the customer the original data and sometimes
48 hours wasn't enough time to find the data manager in office
* even if there were all the possible data replied back in the same
day of the request, a reprimand was always given
Sometimes they asked for data but customer wasn't any more using the ESP
so we cannot get data to avoid accessing data without the consent (we
wasn't any more data processor for that customer) but a reprimand was
anyway given.
One time the user write both us and to the ECO, asking just to be
unsubscribed and when/where he was subscribed.
We unsubscribed the user the same day and replied him with his
subscription data, the user replied us "thank you", ECO was always kept
in CC.
After a couple of weeks, they asked for data for the same complaint. We
replied all the necessary data but the reprimand was given.
IMHO they really care about best practice but the ESP was always
considered guilty if a complaint is given and it's not correct.
I also seen a very famous European marketing logic platform suspended
for repeated reprimand so CSA probably doesn't care about how big is the
company, they just apply their rules.
Note. I also asked the certification for the actual company and they
decided not to give it us because of "warnings of content scanner" and
no, we wasn't sending any "less than first class" content.
They probably sniffed some spam subscription or comments notified to our
staff mailboxes (hosted on google apps) but they didn't said it us, just
a negative result after 5 months from the application.
Hope it can help.
--
Stefano
Il 03/10/2019 18.51, Benjamin BILLON via mailop ha scritto:
I have the exact opposite experience and feeling.
The few times people complained to CSA about emails sent through our network,
their complaint office contacted us (NOT in a timely manner as they seem quite
busy), asking to provide some information such as the context of consent
collection, that we had to provide within 3 business days. Failing to deliver,
or failing to provide proof of lawful consent (German law isn't kidding) would
result in a reprimand, and getting reprimands can lead to being suspended or
excluded from the certification.
Their admission criteria and rules of procedures are publicly available:
https://certified-senders.org/wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf
&
https://certified-senders.org/wp-content/uploads/2017/07/CSA_Rules_of_Procedure.pdf
Violations are also publicly available:
https://certified-senders.org/participants/
CSA is part of ECO, and they don't only deal with spam, but a various range of
malicious or illegal stuff (think child porn).
On the other hand, RP initially asked for all the email traffic of a brand to
be certified, but that changed overtime, because well, there are some traffics
that are not certifiable, and brands still want to send those.
Also, when a certification is suspended (in the case of our clients, usually
because of Microsoft SRD), not much is done. Although suspended, the invoicing
isn't.
We were certified by ISIPP (as an ESP) many years ago, and I don't remember
going through an extensive check process for that. As we didn't see any
improvement in the deliverability, we stopped not long after.
I'm not saying your business models are bad, but implying that CSA is all about
the money, it's the pot calling the kettle black.
At least from my Europe-based experience.
--
Benjamin
-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Anne P. Mitchell, Esq.
via mailop
Sent: jeudi 3 octobre 2019 17:22
To: Mail Op <mailop@mailop.org>
Subject: Re: [mailop] Certified Senders Alliance
The CSA has, to the best of my knowledge, never been about best practices, let
alone about enforcing them. The only two organizations anywhere that are truly
about certifying email senders because they are following best practices are
(again, to the best of my knowledge), Return Path and us.
Anne
--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose CEO/President,
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board
of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System
(MAPS)
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
