There will be training in configuring ARC-enabled software, and adding ARC support to email infrastructure using open source software, at the 40th general meeting of M3AAWG. This meeting will be held at the Corinthia Hotel in Lisbon, Portugal the week of June 12th. Several members of the ARC community will conduct the tutorial program on Monday, while ARC and related email authentication measures will be the topic of formal and informal discussion during this meeting. For more information about M3AAWG and their members, please refer to the M3AAWG web site.
At a recent industry conference in San Francisco, a panel presented the current state of ARC implementation and deployment. A version of that presentation is now available for review – you can download it here. As reported yesterday source code and a test suite are available now, AOL and GMail are validating ARC headers in messages they receive, and commercial products are starting to incorporate ARC – in fact, MailerQ from Copernica has already included ARC for a few months.
If you are looking for more technical detail on how the ARC protocol works, view this presentation from October 2016. Or read the current version of the protocol published by the IETF DMARC Working Group.
Several packages and libraries implementing ARC are now available, and are linked from our new Resources page. Mailbox providers and maintainers of mailing list manager (MLM) software can use these components to start adding ARC functionality to their products and services today.
For those creating their own ARC modules and products, the new ARC test suite from ValiMail is an ideal validation tool – and completely free to use. The test suite has been used to validate the dkimpy package with an Python library and command line tools, and the OpenARC milter is currently being validated.
Kurt Andersen (LinkedIn) and Steve Jones (DMARC.org) will be presenting an overview of the Authenticated Received Chain (ARC) protocol at the 38th Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) meeting in Paris, France from 1-2PM local time on Wednesday, October 26th. The description of this session from the conference agenda reads:
The new ARC specification holds the potential of addressing a number of the problems with DKIM signature breakage that cause problems for DMARC authentication. If you are interested in this topic, please join some of the key contributors to the spec for an introduction and Q&A regarding the proposed standard.
Much of the background information that will be presented in this session is available here, for those who cannot attend the session.
DMARC.org has published a new overview of the ARC protocol on their website. Download the presentation, or read their announcement. The presentation is released under the Creative Commons license, so readers can feel free to use it when explaining ARC to their colleagues or developing their own materials.
On February 19th representatives from AOL (NYSE:VZ) and Google (NASDAQ:GOOG) successfully tested the first two implementations of the ARC protocol at an interoperability event. LinkedIn (NYSE:LNKD) hosted the in-person, all-day event at their San Francisco offices and facilitated the testing. Also participating were representatives from Cloudmark, Comcast (NASDAQ:CMCSA), DMARC.org, the Trusted Domain Project, and Message Systems/SparkPost.
“We set an aggressive target for testing when we announced the ARC protocol in October. AOL and Google did an outstanding job developing implementations and preparing test systems in time for this event,” said Steven M. Jones, executive director of DMARC.org. ARC addresses a small but important class of messages, like mailing lists and forwarding services, that are impacted when a sending domain has a strong DMARC policy. Jones added, “I think ARC will allow more consumer mailbox providers and other domain operators to join AOL and Yahoo (NASDAQ:YHOO) in adopting such policies in order to better protect their users and their users’ correspondents from fraudulent messages.”
More implementations of ARC are under development, including an open source package that could be used to add ARC capabilities to existing email services. Additional interoperability testing events will be held between now and mid-year. For more information please visit the ARC protocol website at http://arc-spec.org.
The interoperability testing event mentioned when ARC was announced in October (see this press release) has been scheduled for Friday, February 19th, 2016 in San Francisco. Parties implementing the ARC protocol in their product or service by that date should consider participating in the event. Those parties should join the arc-discuss mailing list if they aren’t already on it, and may express interest in the interoperability event there or via this contact form.
What qualifies as “implementing ARC” for this event?
- Writing code (library, milter, MTA) that implements ARC functionality (signing, verifying, etc)
- Building a free/commercial product that includes ARC functionality, whether you wrote the ARC code or not
- Deploying ARC functionality in an intermediary (e.g. MLM) or receiver (e.g. mailbox provider) by the time of this event
If you have further questions, please bring them to the arc-discuss mailing list.