Vouch By Reference (VBR) is a protocol for adding third-party certification to email. The protocol has two parts, one for the sender and one for the receiver.
The first part of the protocol requires the sender to add information to their email header by creating a field called VBR-Info. The information in the field tells the receiver three things:
- The sender's domain.
- The type of content the message contains.
- A list of domain names for services that the sender expects will vouch for the legitimacy of the email.
The second part of the protocol requires the recipient to compare the list of services VBR-Info provides with a list of services the recipient trusts. The recipient then queries each service that is common to both lists: the service uses information the domain owner has registered with the domain name service (DNS) to determine whether the sender's
If VBR becomes widely adopted, it will provide the recipient with another way to fine-tune spam scores on incoming email and allow the sender to increase the odds that an email will arrive safely in the recipient's inbox. Before the protocol can become successful, however, it must be accepted and deployed by senders, receivers, certification providers, and mail server and anti-spam software vendors.
The Vouch by Reference protocol is being promoted by the Domain Assurance Council (DAC).
The Vouch by Reference protocol is RFC 5518.