Our requirements are fairly simple and straightforward:
1. You must be using and in control of your own IP address(es).
2. You must have true opt-in - the knowing permission and consent - for every email address on your mailing lists; if you are an ESP you must require that of your customers. Opt-out is not ok. This also means that purchased, rented, borrowed, or otherwise acquired mailing lists are not ok.
3. You must not share the email addresses that you have with third-parties, as that facilitates spamming and otherwise emailing to non-opted-in addresses (as permission cannot be transferred).
4. You must be CAN-SPAM compliant, including having an unsubscribe link in every bulk mailing that you send. Note that being CAN-SPAM compliant on its own is not sufficient to be accepted for SuretyMail email accreditation, but it is a requirement.
THE FOLLOWING ARE NOT REQUIRED, BUT ARE STRONGLY RECOMMENDED
a. Have rDNS set up.
b. Have SPF and DKIM set up.
c. ESPs have a separate IP address for each customer - or at very least segregate your customers by opt-in level (customers who use double/confirmed opt-in are on one set of IP addresses, customers who use single opt-in are on a different set of IP addresses, customers who use opt-out are not on any IP address (i.e. don’t have customers with such poor mailing practices).
d. Have a unique per-recipient token embedded in your unsubscribe link.