Return Path has updated the Certification Requirements. The document includes comprehensive information for senders who are interested in understanding Certification: what the program is, what the audit process is like, and the necessary requirements to become and stay Certified.
The new requirements are:
- Consent: Single opt-in consent (sign ups with no notification or verification) is no longer acceptable. GDPR Legitimate Interest Assessment for consent is now recognized.
- DKIM: All messages must now sign with DKIM.
- List-Unsubscribe Header: All commercial and promotional messages must now include this functionality.
There are additional updates that are not expressly new requirements for compliance, but include specific additional detail worth mentioning.
- Legality: Acknowledging the implementation of GDPR, it is now included in the list of regulations Certified senders must comply with, if applicable by business operations or location.
- DMARC: Is now recommended.
Updated Certification Requirements
Attached below are copies of our new Certification Requirements as of July 16, 2018.