What is CSA (Certified Senders Alliance)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

CSA stands for Certified Senders Alliance. It is a whitelist program run jointly by eco, the largest internet industry association in Europe, and the DDV (Deutscher Dialogmarketing Verband, the German dialogue marketing association). If you send commercial email into Germany, Austria, or Switzerland, CSA is the name you keep hearing in deliverability reports.

Think of it like a paid TSA PreCheck for email. You apply, you pay an annual fee, you sign a contract that binds you to a specific list of technical and legal rules, and in return your IPs get added to a feed that participating mailbox providers consume. When your mail shows up, those providers know it came from a vetted sender, so they skip some of the filtering they would otherwise apply.

The participating providers list matters more than the brand. CSA feeds into 1&1, GMX, Web.de, T-Online (Deutsche Telekom), Freenet, mail.com, and a long tail of regional German and European mailbox providers. Those domains together cover the majority of consumer inboxes in the DACH region (Germany, Austria, Switzerland). Gmail, Outlook, and Yahoo do not use CSA. If your audience is US or UK only, the certification will not move your numbers.

What you actually have to do to get certified

The CSA admission criteria are public and they are stricter than what most US senders are used to. The short version:

  • Valid SPF, DKIM on every message, and an aligned DMARC record. See What is RFC 7489 (DMARC)? for the policy side.
  • Confirmed opt-in (also called double opt-in) for every address on a marketing list. A web form submit is not enough. The recipient has to click a confirmation link before you can mail them.
  • A working List-Unsubscribe header, including the one-click POST version from RFC 8058.
  • A complaint rate under 0.1 percent at participating providers, measured over a rolling window.
  • A bounce rate that stays in normal ranges. Repeated hard bounces to the same address get you flagged.
  • A physical postal address and a valid imprint in every message, which is a German legal requirement (the Impressumspflicht), not a marketing nicety.
  • A signed contract that gives CSA the right to audit you and revoke certification if you stop following the rules.

The rules are reviewed regularly. The current version is published on certified-senders.org and the eco complaints office handles abuse reports against certified senders.

What you get back

Two things. First, your mail is more likely to reach the inbox at participating providers, because their filters give CSA traffic a benefit of the doubt that uncertified senders do not get. Second, when something does go wrong, you get a faster escalation path. Most German mailbox providers will not talk to a random sender about a deliverability problem. They will talk to CSA.

The certification is not magic. If your complaint rate spikes or you start mailing purchased lists, you lose the cert, and the providers stop trusting your IPs. CSA polices its own list, which is the whole point. A whitelist that lets bad senders stay on it is worthless to the providers consuming the feed.

Where it fits among other standards bodies

CSA is a regional industry program. It is not a global standard. M3AAWG publishes best-practice papers that the whole industry references, the IETF writes the RFCs that define how SMTP, SPF, DKIM, and DMARC actually work, and CSA enforces a compliance program tied to a specific geographic market. They overlap in subject matter but they do different jobs.

If you send into the DACH region and you are not certified, ask yourself why your complaint rate, opt-in process, and authentication are not already at CSA standards. Those are the bar for any serious commercial sender, certification or not. The cert is the proof, not the work.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Decide if CSA certification fits your strategy

I'm considering CSA certification for my [your sending type: newsletters, promotional emails, transactional, etc.]. What does the certification actually require? Is it worth the effort for my business, and does it really improve deliverability, especially in target region: Germany, Europe, etc.?

Edit the yellow boxes, then send to the AI of your choice.