What about senders from small emerging market countries having a very
hard time getting any widely accepted assurance group to vouch for them?
Also in more mature markets, not all of the existing companies and
universities running their own mail servers will be eager to spend
$5000/year on a vouch.
Sheesh. The point of having a standard is to make it easy to
interoperate. That means that anyone who wants to set up a VBR
vouching service can do so, and anyone who wants to use your vouching
service can also do so by adding a line to a config file. I certainly
have no intention of paying anyone $5000 to get mail from my tiny
Like Dave, I don't see any reason to expect one economic model or
another to predominate, and no reason at all to expect there to be
only a small oligoply set of providers. Although I think that VBR is
a swell idea, it also seems rather a stretch to expect that it would
ever become so popular that you couldn't get mail delivered without
In the near term, the most likely usage I see is for phish resistance.
If organizations like the FDIC were to publish a VBR list of the
domains of their genuine member banks, that would make it easier to
have a mail system put a flag on suitable signed incoming mail to say
"this is really from a bank."
Ietf mailing list