ARC is set to make DMARC better than ever
So for those of you who have got your head around all the benefits of DMARC (for those needing a quick refresher then check out this blog) we have great news! Things are only going to get better with the development of ARC.
ARC stands for Authenticated Received Chain and it was developed in 2016 to resolve some issues that may arise with how SPF, DKIM and DMARC cope with indirect mail flow.
So what’s the problem?
DMARC currently relies on the pass result and alignment of either SPF or DKIM to make a decision on what to do with an email. If one protocol fails but the other passes and aligns then DMARC will pass. However, in some specific cases with indirect mail flow both SPF and DKIM might fail resulting in DMARC failure.
This is because if a sender has a DMARC policy of reject and an email travels through a mailing list, a filtering service, is forwarded or has its content modified then both SPF and DKIM might fail and hence DMARC might also fail meaning the emails will never reach the end user’s mailbox.
SPF tends to break during forwarding due to the change of IP address that happens during forwarding. DKIM may also break if the content of email is altered in transit, such as putting an unsubscribe footer at the bottom of a mail shot.
How is ARC the solution?
ARC was developed to preserve the authentication results of emails when travelling across many hops as it insert its own headers. This means that if DMARC fails during transit the recipient might choose to look at the ARC results instead, override the results from DMARC and accept the emails.
Who’s supporting ARC right now?
ARC has already been implemented by some well known ESPs and ISPs, like AOL and GMail, and others are on the way.
And we are of course! At OnDMARC we’re busy working on an update to our UI that will quickly and simply inform users whenever an email’s DMARC results were trumped by ARC. As soon as it’s ready, we’ll let you know.