Who defines and enforces these standards?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Email standards come from a few key places, and understanding who makes the rules helps you see why your email matters to ISPs. The IETF (Internet Engineering Task Force) publishes the technical specifications called RFCs. These are the blueprints that email software has to follow to work at all. RFC 5321 is SMTP. RFC 6376 is DKIM. These aren't suggestions. they're the foundation.
Then you've got industry groups like the Certified Senders Alliance (CSA) and M3AAWG (Messaging, Malware, and Mobile Anti-Abuse Working Group). They create best practice guidelines that major ESPs and ISPs follow. These standards are voluntary on paper, but in practice, mailbox providers build them into their filtering. If you're not following CSA guidelines, Gmail and Microsoft notice.
Here's where enforcement really happens: mailbox providers implement the rules. They check your SPF, DKIM, and DMARC records. They monitor complaint rates. They watch your sending patterns. Messages that fail authentication get rejected or spam-folded. This market-based enforcement is indirect but incredibly powerful. To stay in the inbox, you're following IETF specs and CSA best practices whether you realized it or not. The sooner you audit your current setup against these standards, the better your deliverability gets.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.