Senders are required to provide their IP addresses during the certification process for new customers. We upload these and use them to create the corresponding account in the Certification Monitor. Customers and prospective customers must always provide us with all of their sending IP addresses, which are then added to the Certified IP List. To simplify processing, there are different statuses, which can sometimes result in a colorful picture like the one below.

Let’s take a closer look at the different statuses.

Active

The IP address has been successfully verified and meets the CSA criteria – the IP qualifies for certification benefits with our partners.

Not listed

The IP address has been successfully tested and meets the CSA criteria, but does not qualify for certification benefits according to CSA criterion 2.1c.

Testing

The IP address is currently undergoing testing – all technical tests are currently being performed. The status of the IP address will change as soon as possible.

Tests failed

The IP has failed one of the technical tests or is not verified. This is often due to DNS or rDNS resolution, or missing WHOIS information or the CSA token.

Delisted

The IP address has been removed from the list due to violations of the CSA criteria and does not receive any certification benefits from our partners.

Parked

The IP address has been stored in the certification monitor and assigned a verification token. This IP address has not been tested and is not valid for certification unless activated by the sender.

Monitored

The IP address belongs to a potential certification candidate and is added to the list of certified IP addresses to report on its current reputation during the application process.

Clicking on the individual categories in the chart displays a pre-filtered list of IP addresses. This then allows processing of the IP addresses to be done more quickly.

Verification of IPs

According to criterion 2.13, our customers are required to authenticate the sending IP addresses. This can be done in two ways: With the Whois entry or by setting a token. We check whether the company’s Whois entry matches that of our contractual partner. Alternatively, a token can be set in the FQDN.

In the following overview, customers can immediately see where there is still a need for verification:

Customers also have the option of explicitly filtering IPs in the “Token Results” tab to view the relevant IP addresses:

The token is a unique ID for each IP address and hostname combination, verifying ownership and responsibility when placed in the TXT entry of the hostname in the DNS.

A similar view is also available for DNS & rDNS resolution. The DNS report shows whether the hosts resolve to the expected IP addresses. The rDNS report shows whether an IP address resolves to the correct domain:

The goal is to ensure that all IP addresses are in the green zone. Once this has been set up correctly, IP management will only be required again when new IP addresses are added.

Adding IPs

This can be done either automatically via the API (CSApi) or very quickly via the interface by uploading a TSV file in the following format:

The IP addresses are then processed in accordance with the “Action” in the system:

• Parked: IP addresses are simply stored in the system without being checked or added to the list of certified IP addresses.
• Activate: IP addresses are added and checked to be included in the list of certified IP addresses in order to benefit from certification
• Not listed: IP addresses are added and checked to be included in the list of certified IP addresses without benefiting from certification
• Delete: Deletion of the IP and host name from the Certification Monitor and the IP list

Conclusion:

CSA certification is based on transparency and self-regulation. Self-service IP management enables CSA senders to maintain accurate and up-to-date IP address records, clearly communicating the scope and boundaries of their sending infrastructure to mailbox providers.

If a sending server is known and clearly verified, it is not immediately classified as a spammer, which provides the basis for reliable delivery.

Only IP addresses that are known and whose inventory is maintained, and which are used for email sending in accordance with the criteria, can benefit from CSA certification.