[dmarc-discuss] DMARC thwarted already?
arvel.hathcock at altn.com
Thu Jun 5 20:45:15 PDT 2014
On 6/5/2014 9:42 PM, John Levine via dmarc-discuss wrote:
>> Presumably, if VBR is already an RFC, why couldn't DMARC integrate with it? As a large
>> receiver I would never trust a set supplied by the sender, but if I had a handful of locally
>> defined vouching services, then I could use that to bypass a DMARC enforcement in the event
>> that the message passes SPF and DKIM, yet fails alignment.
> As one of the authors of VBR, I think that'd be a dandy idea.
Through the graciousness of the real authors my name is also on that
one. We've provided a free VBR service as a value add to our MTA
customers for years which we run and police ourselves. Not that anyone
else does (or should) but our customers trust us (for the most part)
that if we say a domain is OK (and VBR is how we do that) then they skip
spam filtering, or lessen it, etc. I've just finished implementing
DMARC for my next version and it will use the VBR service too in just
the way you've described. I've read that Spamhaus runs a VBR
white-list as well called the "BWL" but I don't know anything else about
More information about the dmarc-discuss