RFC 8617 “The Authenticated Received Chain” Published

The Authenticated Received Chain, or ARC, was published by the IETF RFC Editor on Tuesday, July 9th, 2019 as RFC 8617. The general information page for RFC 8617 can be found here, but there are direct links to HTML, PDF, and text versions available. ARC has been published under the IETF’s Experimental status, which is explained in this section of RFC 2026. This reflects that fact that some fine-tuning is expected after Internet senders and receivers gain experience with the protocol after deploying it widely, and seeing what the operational impacts are.

DMARC.org first publicly announced the ARC protocol in October 2015, and it became an official work item of the IETF DMARC Working Group in June 2016. The specification went to “working group last call” in October 2018, but attention shifted to several related areas that needed clarification. This led to revisions to the header field for authentication status (RFC 8601), and updating SPF (RFC 7208), DKIM (RFC 6376), and DMARC (RFC 7489) to better handle internationalized domain names (RFC 8616).

Working Group Completes Last Call For ARC Specification

TheĀ DMARC Working Group has completed Last Call for the ARC specification. This means that when the final consensus changes are incorporated, the document will be submitted for approval and publication by the IETF. It is possible that the specification might be published before the next IETF meeting in November, though perhaps more likely between then and the following meeting in March 2019.

The ARC specification has been under development by the Internet Engineering Task Force’s (IETF) DMARC Working Group since roughly June 2016. In July, just over two years later, the Working Group reached a milestone known as Working Group Last Call (WGLC). During Last Call the members of the group determine if consensus has been reached on the content of the document in question. If so, any final changes are made to the document and it is submitted to one or more IETF officials known as Area Directors. Upon review they may ask questions or make suggestions, and when satisfied, the document is approved for publication.

The ARC specification grew out of work begun by a group known as OAR in the summer of 2014. OAR refers to a proposed email header named Original Authentication Results, the subject of a draft proposal published in 2012.