D A C

Vouch By Reference Guide for Senders

The Vouch By Reference (VBR) protocol allows senders to list certification providers to serve as sources of certification information for senders' outgoing mail. For this certification information to be available to receivers, two things must happen:

  • The sender must include in outgoing messages a VBR header that carries information on the certification providers who vouch for it

  • The certification provider must make vouching information available through the DNS

This document describes the first item.

Overview

The VBR protocol specifies that a sender includes a VBR-Info header in each message it sends that is to be vouched for by certification providers. The structure of the VBR-Info header is fully defined in the VBR protocol specification.

Sending Example

Assume that SomeBank has the domain name somebank.com. SomeBank has two companies who are willing to vouch for its transactional notices: certifier-a.com and certifier-b.com. The signer would add the following to the headers of its outgoing message:

   VBR-Info: md=somebank.com; mc=transaction; mv=certifier-a.com:certifier-b.com;

Best Practices

Be sure you do not include any certification providers in the VBR-Info header that do not vouch for the type of message you specify. If you do, it is likely that recipients will treat your messages as unvalidated. You can test whether or not each certification provider you use currently vouches for you before creating the VBR-Info header.
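One way to run that test before building the header, as an added example that is not part of the original guide. It assumes the `<domain>._vouch.<certifier>` TXT query and the space-separated type list (or `all`) defined in RFC 5518, and it replaces the live DNS query with a hypothetical `sample_lookup` stub over constructed records (certifier-c.com is also constructed).

```python
import re

# Constructed sample data standing in for live DNS TXT answers (not real records).
SAMPLE_TXT = {
    "somebank.com._vouch.certifier-a.com": "transaction list",
    "somebank.com._vouch.certifier-b.com": "list",
    "somebank.com._vouch.certifier-c.com": "all",
}

DOMAIN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
TOKEN = re.compile(r"[A-Za-z0-9-]+")


def sample_lookup(name):
    """Hypothetical resolver stub: TXT string for name, or None if absent."""
    return SAMPLE_TXT.get(name.lower())


def vouches(md, mc, certifier, lookup):
    """True if certifier's TXT record lists mc (or 'all') for domain md."""
    txt = lookup(f"{md}._vouch.{certifier}")  # query name per RFC 5518
    if txt is None:
        return False
    types = txt.lower().split()
    return "all" in types or mc.lower() in types


def build_vbr_info(md, mc, certifiers, lookup):
    """Return a VBR-Info header naming only certifiers that vouch, else None."""
    # Reject anything that is not a plain domain or token, so CR/LF or ';'
    # in configuration data can never reach the message headers.
    for d in (md, *certifiers):
        if not DOMAIN.fullmatch(d):
            raise ValueError(f"not a domain name: {d!r}")
    if not TOKEN.fullmatch(mc):
        raise ValueError(f"not a message type token: {mc!r}")
    good = [c for c in certifiers if vouches(md, mc, c, lookup)]
    if not good:
        return None  # no current voucher for this type: omit the header
    return f"VBR-Info: md={md}; mc={mc}; mv={':'.join(good)};"
```

In production the `lookup` argument would be a function that performs the TXT query with your resolver library and returns None when no record exists.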

Senders should ensure that messages conform to all relevant technical standards such as RFC 2822 (message format), and RFC 2045 and 2046 (MIME).

If a sender is sending mail on behalf of a client, the From: domain should be the client's or a subdomain of the client's, e.g., mailprovider.somebank.com. Mail providers should not send mail for different clients using the same From: domain. The signature domain should be a domain that certifiers vouch for, which may be the client's domain or the sender's domain.
