ARC – Authenticated Received Chain

What is ARC?

When an email sender or Internet domain owner uses email authentication to make it easier to detect fraudsters sending messages that impersonate their domain, some services like mailing lists or account forwarding may cause legitimate messages to not pass those mechanisms, and such messages might not be delivered. These services may be referred to as intermediaries because they receive a message, potentially make some changes to it, and then send it on to one or more other destinations. This kind of email traffic may be referred to as an indirect mail flow.

ARC preserves email authentication results across subsequent intermediaries (“hops”) that may modify the message, and thus would cause email authentication measures to fail to verify when that message reaches its final destination. But if an ARC chain were present and validated, a receiver who would otherwise discard the messages might choose to evaluate the ARC results and make an exception, allowing legitimate messages from these indirect mail flows to be delivered.

Do I need to make changes to my SPF/DKIM/DMARC record to adopt ARC for my domain?

No, the domain SPF/DKIM/DMARC record does not need to be altered to adopt ARC. This is an update to the validation technique which should be adopted by the receiving mail gateways.

Is ARC a globally adopted standard?

The Authenticated Received Chain, or ARC, was adopted as an official work item of the IETF DMARC Working Group in June 2016, and the specification was published as RFC 8617 on July 9th, 2019.

Who has adopted ARC?

Google has added ARC verification and sealing to their email services (Gmail, G Suite, and Google Groups). The popular Mailing List Manager (MLM) software Sympa incorporated ARC in v6.2.38, and ARC is being incorporated into the next release of the Mailman MLM –  ARC configuration directives are already in the online documentation.

The commercial MTAs Halon and MailerQ incorporate ARC, and the milters authentication_milter and OpenARC can be used to deploy ARC with the Postfix, Oracle Communications Messaging Server, and Sendmail MTAs. Several open-source libraries and modules are already available for those who need to integrate ARC functions into their systems.

How do I deploy ARC for my infrastructure?

If you are using a commercial OEM mail gateway solution you might coordinate with them to check on the status of ARC adoption.

If you use an opensource gateway like postfix/sendmail then you might deploy OpenARC to your platform.

Leave a Reply