On 6/5/2014 9:42 PM, John Levine via dmarc-discuss wrote:
Presumably, if VBR is already an RFC, why couldn't DMARC integrate with it? As
a large
receiver I would never trust a set supplied by the sender, but if I had a
handful of locally
defined vouching services, then I could use that to bypass a DMARC enforcement
in the event
that the message passes SPF and DKIM, yet fails alignment.
As one of the authors of VBR, I think that'd be a dandy idea.
Through the graciousness of the real authors my name is also on that
one. We've provided a free VBR service as a value add to our MTA
customers for years which we run and police ourselves. Not that anyone
else does (or should) but our customers trust us (for the most part)
that if we say a domain is OK (and VBR is how we do that) then they skip
spam filtering, or lessen it, etc. I've just finished implementing
DMARC for my next version and it will use the VBR service too in just
the way you've described. I've read that Spamhaus runs a VBR
white-list as well called the "BWL" but I don't know anything else about
it. http://www.spamhauswhitelist.com/en/techfaq.php.
Arvel
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
