CSA IP Reputation List


This past July, several of our clients began experiencing greater than normal spam folder placement at Microsoft Outlook.

Our research shows that these issues coincide with Microsoft’s adoption of the Certified Senders Alliance (CSA) IP Reputation List.  Initially this has mostly affected UK and Latin America Microsoft addresses, as CSA filtering was rolled out first in those regions.

The Certified Senders Alliance (CSA) Central Whitelist was created in 2003 by eco – Association of the Internet Industry, in partnership with the German Dialog Marketing Federation (DDV) .

The CSA Whitelist offers commercial mass e-mailers an effective solution for avoiding delivery problems with their email campaigns.

By using the CSA Whitelist, ISPs can optimize the delivery of incoming mail to their subscribers while protecting them from spam email. Senders who are CSA-certified identify themselves as trustworthy and reputable to the ISPs affiliated with CSA.

CSA-certified senders are subject to very strict approval criteria. Certification requires senders to comply with both technical standards and legal specifications.

The legal criteria are in line with the latest E.U. legislation currently in force. Any commercial emails sent within the E.U. Member States must meet these criteria:

  • Opt-in: Sending emails only to addresses who have given their consent (alternatively: existing customer relationship with the option to opt-out)
  • A legal notice (imprint) in every email in full, or as a link which leads to webpage with the legal notice within a maximum of two clicks
  • The provision of the option to withdraw consent and unsubscribe in every email
  • No disguising of identity of the commercial nature of the email

The technical criteria have been developed and specified based on feedback from ISPs, technology partners and senders and are constantly updated, as required.

Below are examples of some of the technical criteria that CSA Whitelist senders must comply with:

  • Sole technical control of the sending server, either directly or through managed hosting or ESP.
  • Every server/IP address must not only have a unique A-Record but also have a matching rDNS
  • WHOIS entry of the IP address and/or the host domain refer to the technical sender including a valid and available abuse contact
  • List hygiene and handling bounces: removal of an addressee’s email address from the list after a maximum of three hard bounces
  • Use of SPF, DKIM and DMARC for authentication
  • A list-unsubscribe header to allow easy unsubscription or a list-help header in exceptional cases.

A full list of the CSA admission criteria is located here:


Microsoft’s Terry Zink explains how Microsoft is using the CSA IP Reputation List in his 7/6/2017 blog post here:


We can assist any client experiencing E.U. & LATAM Microsoft Outlook deliverability issues with a CSA Deliverability Audit that will examine their email program infrastructure specifically for CSA compliance.