Status of ARC

If you are a mailbox provider or mailing list operator, it is time to begin planning your ARC implementation.

The Authenticated Received Chain, or ARC, was adopted as an official work item of the IETF DMARC Working Group in June 2016, and the specification was updated in December 2016.

AOL and GMail are already validating messages they receive with ARC headers, code libraries and a test suite are freely available, one commercial MTA already includes ARC support, and patches for popular mailing list managers (MLMs) will be released shortly (March 2017). Links to these items are available on our Resources page.

 

What is ARC?

When an email sender or Internet domain owner uses email authentication to make it easier to detect fraudsters sending messages that impersonate their domain, some services like mailing lists or account forwarding may cause legitimate messages to not pass those mechanisms, and such messages might not be delivered. These services may be referred to as intermediaries because they receive a message, potentially make some changes to it, and then send it on to one or more other destinations. This kind of email traffic may be referred to as an indirect mailflow.

ARC preserves email authentication results across subsequent intermediaries (“hops”) that may modify the message, and thus would cause email authentication measures to fail to verify when that message reaches its final destination. But if an ARC chain were present and validated, a receiver who would otherwise discard the messages might choose to evaluate the ARC results and make an exception, allowing legitimate messages from these indirect mailflows to be delivered.

Between October 2015 and February 2017, the ARC protocol benefited from community review and input while several parties planned and then developed implementations. A number of interoperability events were held so that these implementations could be tested against each other. The IETF DMARC Working Group continues to analyze the protocol with an eye to future improvements.

How can I learn more and/or participate?

What are the next steps for ARC?

If you are a mailbox provider or intermediary (mailing list operator, message forwarder), you should be planning your ARC implementation now (March 2017). AOL and GMail already validate ARC headers, and more mailbox providers will come online with ARC in the second half 2017.

Patches for the most popular mailing list managers (MLMs) will be available starting in March 2017, and code libraries are already available for those who need to integrate ARC functions into their systems. One commercial MTA (MailerQ) is available, and the OpenARC milter can be used with the Postfix, Oracle Communications Messaging Server, and Sendmail MTAs.