VBR — New Domain-Level Reputation Technique

For the last few months, we've been tracking a promising new proposed standard for controlling spam. The technique can also address related problems, such as phishing.

It's called Vouch By Reference, or VBR. It provides a reputation service for domains; i.e., it provides a way of checking that the right-hand side of the @ sign is trustworthy, rather than IP addresses. The idea is simple and very promising:

  • When you send an email, you can provide a list of one or more third-party references that will vouch for you, and say you're a reputable sender.
  • The recipient looks at your list, and sees if any of your third parties are people he/she trusts.
  • The recipient then sends a request to a mutually trusted third party, to check you're kosher.
  • This is all done automatically, and the protocols involved are easy to implement.
  • The From address can't be forged, through mandatory use of DKIM.

Richi previously wrote about the organization developing the VBR standard -- The Domain Assurance Council.

The first commercial implementation is by Alt-N Technologies, which gave us a demo recently. VBR deserves support and industry attention.

... David Ferris

Post a comment

You must be logged in to post a comment. To comment, first join our community.