Status of ARC
The Authenticated Received Chain, or ARC, was submitted to the IETF as an independent Internet Draft on Friday, October 16th, 2015.
On June 25th, 2016 the ARC specification and usage documents were adopted as official work items of the IETF DMARC Working Group. Links to these documents are given below.
What is ARC?
When an email sender or Internet domain owner uses email authentication to make it easier to detect fraudsters sending messages that impersonate their domain, some services like mailing lists or account forwarding may cause legitimate messages to not pass those mechanisms, and then they might not be delivered. These services may be referred to as intermediaries because they receive a message, potentially make some changes to it, and then send it on to one or more other destinations. This kind of email traffic may be referred to as an indirect mailflow.
ARC preserves initial email authentication results across subsequent intermediaries (“hops”) that modify the message and thus will cause email authentication to fail to verify when the message reaches its final destination.
How can I learn more and/or participate?
- You can read the current draft specification for ARC.
- You can read the current draft of the recommended usage document for ARC.
- General questions about ARC should be brought to the arc-discuss list operated by DMARC.org. Feel free to visit the list information and subscription page. Please note that this is a technical forum intended for IT professionals, programmers, network operators, etc. Consumers or end-users should contact their service provider’s help desk for assistance.
- Analysis and development of the protocol should be carried out in the IETF DMARC Working Group. Instructions for subscribing are available on the list information and subscription page. If you join, please take the time to read through the list archives and familiarize yourself with the discussion to date.
- Read the press release that announced the ARC protocol in October 2015
What are the next steps for ARC?
Between October 2015 and June 2016 the ARC protocol benefited from community review and input while several parties planned and then developed implementations. Several interoperability events were held so that implementations could be tested against each other, and more are expected. There are three implementations that have participated in the interoperability events, and a few others have been mentioned privately.
Any changes to the protocol will now come from work within the IETF DMARC Working Group. Over the course of 2016, implementations will be put into production, or stand-alone packages will be released. These will build real-world experience with use of the protocol at Internet scale, and will provide important feedback for the authors and the Working Group.