Vouch by Reference (VBR) is a protocol used in Internet mail systems for implementing sender certification by third-party entities. Independent certification providers vouch for the reputation of senders by verifying the domain name that is associated with transmitted electronic mail. VBR information can be used by a message transfer agent, a mail delivery agent or by an email client.
The protocol is intended to become a standard for email sender certification, and is described in RFC 5518 ("Vouch By Reference", P. Hoffman, J. Levine, A. Hathcock, April 2009).
VBR-Info: md=domain.name.example; mc=type; mv=vouching.example:vouching2.example
domain.name.example._vouch.vouching.example
The returned data, if any, is a space-delimited list of all the types that the service vouches for, given as lowercase ASCII. They should match the self-asserted message content. The types defined are transaction, list, and all. Auditing the message may make it possible to establish whether its content corresponds to the asserted type. The result of the authentication can be saved in a new header field, according to RFC 6212, like so:
Authentication-Results: receiver.example; vbr=pass header.mv=vouching.example header.md=domain.name.example
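The receiver-side check described above, as an added example that is not code from RFC 5518 or from any mail software. It assumes the md domain has already been authenticated (for instance as the d= of a valid DKIM signature), that the receiver keeps its own set of trusted vouching services, and that `lookup_txt` is a hypothetical resolver callback; the TXT data below is constructed.

```python
import re

# The md value comes from an untrusted header: validate before querying.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample zone data: query name -> TXT string.
SAMPLE_TXT = {"domain.name.example._vouch.vouching2.example": "transaction list"}

def parse_vbr_info(value):
    """Split 'md=...; mc=...; mv=a:b' into a dict of lowercased tags."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip().lower()] = val.strip().lower()
    return tags

def check_vbr(header_value, trusted, lookup_txt, receiver="receiver.example"):
    """Return an Authentication-Results line for one VBR-Info header value."""
    tags = parse_vbr_info(header_value)
    md, mc = tags.get("md", ""), tags.get("mc", "")
    vouchers = [v.strip() for v in tags.get("mv", "").split(":") if v.strip()]
    # Only query services the receiver already trusts, never an arbitrary
    # name that the sender listed in mv=.
    candidates = [v for v in vouchers if v in trusted]
    if not (_DOMAIN.match(md) and mc and candidates):
        # This example reports "none" when no query could be made.
        return f"Authentication-Results: {receiver}; vbr=none"
    for mv in candidates:
        txt = lookup_txt(f"{md}._vouch.{mv}")  # None means no TXT record
        if txt is None:
            continue
        types = txt.lower().split()  # space-delimited list of vouched types
        # Assumption: a returned "all" covers any self-asserted type.
        if mc in types or "all" in types:
            return (f"Authentication-Results: {receiver}; vbr=pass "
                    f"header.mv={mv} header.md={md}")
    return f"Authentication-Results: {receiver}; vbr=fail header.md={md}"

if __name__ == "__main__":
    hdr = "md=domain.name.example; mc=list; mv=vouching.example:vouching2.example"
    print(check_vbr(hdr, {"vouching2.example"}, SAMPLE_TXT.get))
```

Because the sender chooses the mv list, intersecting it with the local trust set is what keeps an unknown "vouching" domain from producing a pass.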
Spamhaus has released The Spamhaus Whitelist that includes a domain-based whitelist, the DWL, where a domain name can be queried as, e.g., dwltest.com._vouch.dwl.spamhaus.org. Although the standard only specifies TXT resource records, following a long-established DNSBL practice, Spamhaus has also assigned A resource records with values 127.0.2.0/24 for whitelist return codes. The possibility to query an address may allow easier deployment of existing code. However, their techfaq recommends checking the domain (the value of the d= tag) of a valid DKIM-Signature by querying the corresponding TXT record, and their howto gives details about inserting VBR-Info header fields in messages signed by whitelisted domains. By 2013, one of the protocol authors considered it a flop.