Return Path has updated the Certification Requirements. The document includes comprehensive information for senders who are interested in understanding Certification: what the program is, what the audit process is like, and the necessary requirements to become and stay Certified. 

The new  requirements are: 

1. Consent: Single opt-in consent (sign ups with no notification or verification) is no longer acceptable. GDPR Legitimate Interest Assessment for consent is now recognized.
2. DKIM: All messages must now sign with DKIM.
3. List-Unsubscribe Header: All commercial and promotional messages must now include this functionality.

There are additional updates that are not expressly new requirements for compliance, but include specific additional detail worth mentioning.

1. Legality: Acknowledging the implementation of GDPR, it is now included in the list of regulations Certified senders must comply with, if applicable by business operations or location.
2. Privacy Policy: Privacy statements for brand domains and sites, must clearly designate  relationship to the Certified member parent company.
3. DMARC: Is now recommended.

Updated Certification Requirements

Attached below are copies of our up to date Certification Requirements.