CSA checklist For CSA certification certain criteria must be met. You can use the following checklist to see which criteria you already meet. Please note that the checklist is only a simplified form of the criteria. You can find the complete criteria here. Name of Company (hereinafter referred as "our" or "we") Your first and last name Your email address Mandatory criteria 2.1Naming of IP addresses In principle, all IPs used must be named and certified at the CSA. We would like to certify IP addresses of all used outgoing email servers and can name them to the CSA. yesno Legal Criteria Permission 2.2Consent Emails are only sent to recipients who have given prior consent (opt-in) in accordance with the CSA criteria. yesno 2.3Exception to the explicit opt-in Emails without explicit opt-in will only be sent in exceptional cases in compliance with the requirements (see CSA criteria). yesno 2.4Data collection by third parties Email addresses acquired from third parties will only be sent if the requirements are met (see CSA criteria). yesno Design of the email 2.5Legal notice We as the sender or our client are clearly identifiable in the legal notice. yesno 2.5 aThe legal notice contains the name and address of us as the sender or of the customer. If we or our customer are a legal entity, the legal structure, recorded register, and register number are also listed. yesno 2.5 bThe legal notice contains contact information, at least one valid telephone number or an electronic contact form, and an email address. yesno 2.5 cThe legal notice contains a tax identification number or a business identification number, if applicable. yesno 2.6Opt-out We have integrated an easy opt-out option into every email. yesno 2.7Commercial nature The identity of the sender and the commercial nature of the commercial email are made clear in either the header or subject line. yesno Technical Criteria 2.8 Our servers are adequately secured technically (for example with a firewall, no open relay, no public proxy, no backscatter, constantly monitored servers). yesno 2.9 Layout and composition of our emails comply with the current Request for Comments (RFC) of the IETF. yesno 2.10 The delivery of our emails to the recipient takes place via a "Transport Layer Security (TLS)"-secured connection. yesno 2.11 Our PTR records of the sending mail servers resolve uniquely to at least one Fully Qualified Domain Name (FQDN). Conversely, the IP address in the A record contains this FQDN. The designation of the FQDN is recognizable and readable as the server of the mass email infrastructure. yesno 2.12 We own and monitor an abuse address in the scheme "abuse@org-domain.tld." yesno 2.13 We have sole responsibility over the sending mail servers. As evidence, we are able to enter the token provided by the CSA in the DNS of the respective host name. yesno 2.14 Our outgoing email servers are used exclusively for automated sending of bulk mailings or so-called transactional emails. yesno 2.15 Our SPF record is set according to the CSA criteria. yesno 2.16 Our MX record is set according to the CSA criteria. yesno 2.17 Our sent emails sent contain a "List-Unsubscribe" header with a "POST HTTPS" link including "One-Click-Unsubscribe" functionality for list-based mailings, or a "List-Help" header with a "mailto:" address or a HTTPS link for non-list-based mailings. yesno 2.18 After successful certification, an "X-CSA Complaints" header must be used. We are able to implement this. yesno 2.19 To avoid redirect abuse, we are able to deactivate any redirect links used at short notice. yesno 2.20 Our DKIM signature is set according to the CSA criteria. yesno 2.21 Our emails contain a DKIM alignment according to the CSA criteria. yesno Reputation Criteria 2.22 Our hard bounce rate per mailbox provider is under 1.0 %. yesno 2.23 The spam click rate per IP address, per DKIM domain, or per email Sender is below 0.3 % at a mailbox provider. yesno 2.24 Our company has reputation problems at participating mailbox providers of the CSA. yesno If so, what are the problems?