Why email is worth protecting

Email is currently used by over four billion people worldwide and is the most important means of communication for companies. As its design and features have evolved over the past 50 years, email has survived countless trends, proving its timeless relevance and functionality. Unlike other centralised messaging services, email is a decentralised system based on open standards. Its decentralised nature, based on open standards, allows users to be independent of specific providers, even enabling them to operate their own email server. At a time when security, privacy and autonomy are key concerns, email is an essential and protected pillar of global communication.

The necessity and desirability of self-regulation

Self-regulation in the email ecosystem is beneficial, as reacting spontaneously to new changes is challenging under regulation. It is crucial to change and enforce laws, but this requires time and effort. Self-regulation allows for an agile response to technical changes and is more effective than regulation, especially in technology-oriented economic sectors.

Self-regulation allows us to be more flexible, especially when it comes to adjusting our terms of participation. In contrast, adapting to changes in legislation requires a more elaborate process. In a successful self-regulatory system, the benefits must outweigh the responsibilities for all stakeholders. This is critical because self-regulation only works if everyone has an incentive to participate. Through this approach, we can ensure that technology standards are brought to market and that users are protected. Our goal is to work effectively and create a successful ecosystem where best practices are followed, leading to a return on investment for all parties.

Self-regulation as a success factor

The Certified Senders Alliance is a service of the eco Association of the Internet Industry, in cooperation with the German Dialogue Marketing Association (DDV). Since its foundation in 2004, the CSA has acted as a neutral interface between mailbox providers and senders of commercial emails. We promote email as a communication channel and foster trust in email by creating a trusted environment through a self-regulatory approach.

The CSA steps in where existing laws are lacking or ineffectively enforced. Certified senders agree to abide by the CSA’s criteria to protect the email ecosystem. In return, they receive deliverability benefits and data to protect their sender reputation. Compliance with the CSA Criteria improves incoming email traffic for mailbox providers, thereby increasing user protection. In addition, mailbox providers can transparently and reliably track which companies are behind specific IP addresses and, if necessary, tighten spam filters without blocking legitimate email.

The CSA’s nearly two decades of success, the internationalisation of participating senders and mailbox providers, and the growing number of IPs and DKIM domains on the certified list demonstrate both the demand and the need for this form of self-regulation.

Our contribution to an enhanced email ecosystem

Implementing standards in practice

This approach ensures that technology standards are brought to market while keeping users safe. It is now best practice for commercial email to have a specified SPF record, a DKIM signature and a DMARC record. These authentication standards give mailbox providers transparency as to the true sender of an email. If no one adheres to these technical standards, email recipients can potentially become victims of bad actors.

As more entities adhere to these standards, and only those that do not are filtered out, providers can sharpen their filters. Yahoo and Google have recently updated their sender guidelines accordingly – in order to protect their recipients. Certified senders can rest easy, as those requirements have been included in the CSA Criteria for a long time. On the other hand, senders who have not yet adopted best practices really need to start changing their behaviour right now, or they will not reach their email recipients in the future.

Putting these standards into practice is challenging but can be made more effective through self-regulation and the creation of incentives. The triad of self-regulation, user protection, and securing email through open standards keeps email safe and attractive for everyone.