Certified Server Validation (CSV) is a technical method of email authentication intended to fight

spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...

. Its focus is the SMTP HELO-identity of mail transfer agents. CSV was designed to address the problems of

MARID ''Marid'' ( ar, مارد ') is a type of devil in Islamic traditions. The Arabic word meaning ''rebellious'' is applied to such supernatural beings. In Arabic sources Etymology The word ''mārid'' is an active participle of the root ''m-r-d'' ...

and the ASRG, as defined in detail as the intent of Lightweight MTA Authentication Protocol (LMAP) in an expire
ASRG draft
As of January 3, 2007, all Internet Drafts have expired and the mailing list has been closed down since there had been no traffic for 6 months.

Principles of operation

CSV considers two questions at the start of each SMTP session: *Does a domain's management authorize this MTA to be sending email? *Do reputable independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse? CSV answers these questions as follows: to validate an SMTP session from an unknown sending SMTP client using CSV, the receiving SMTP server: #Obtains the remote

IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...

of the

TCP TCP may refer to: Science and technology * Transformer coupled plasma * Tool Center Point, see Robot end effector Computing * Transmission Control Protocol, a fundamental Internet standard * Telephony control protocol, a Bluetooth communication s ...

connection. #Extracts the domain name from the HELO command sent by the SMTP client. #Queries DNS to confirm the domain name is authorized for use by the IP (

CSA CSA may refer to: Arts and media * Canadian Screen Awards, annual awards given by the Academy of Canadian Cinema & Television * Commission on Superhuman Activities, a fictional American government agency in Marvel Comics * Crime Syndicate of Amer ...

). #Asks a reputable Accreditation Service if it has a good reputation ( DNA). #Determines the level of trust to give to the sending SMTP client, based on the results of (3) and (4) If the level of trust is high enough, process all email from that session in the traditional manner, delivering or forwarding without the need for further validation. If the level of trust is too low, return an error showing the reason for not trusting the sending SMTP client. If the level of trust is in between, document the result in a header in each email delivered or forwarded, and/or perform additional checks. If the answers to both of the questions at the top of this article are 'Yes', then receivers can expect the email received to be email they want. Mail sources are motivated to make the answers yes, and it's easy for them to do so (unless their email flow is so toxic that no reputable independent accreditation service will vouch for them). CSV is designed to be efficient and elegant, and in this respect it certainly beats SPF's coverage of HELO identities. {{Anchor, CSAClient SMTP Authorization (CSA) was a proposed mechanism whereby a domain admin can advertise which mail servers are legitimate originators of mail from his/her domain. This is done by providing appropriate SRV RRs in the DNS infrastructure.

Principles of operation

External links