ARC makes DMARC even better

DMARC is foundational for email security, and now things are only going to get better with the development of ARC.

What is ARC?

ARC stands for Authenticated Received Chain. It was developed in 2016 to resolve some issues that may arise with how SPF, DKIM, and DMARC cope with indirect mail flow.

So what was the problem?

DMARC currently relies on the pass result and alignment of either SPF or DKIM to make a decision on what to do with an email. If one protocol fails but the other passes and aligns then DMARC will pass. However, in some specific cases with indirect mail flow, both SPF and DKIM might fail to result in DMARC failure.

This is because if a sender has a DMARC policy of reject and an email:

  • a) travels through a mailing list
  • b) passes through a filtering service
  • c) is forwarded
  • or d) has its content modified

then both SPF and DKIM might fail, and hence DMARC might also fail. This means the email will never reach the end user’s mailbox.

SPF tends to break during forwarding due to the change of IP address that happens during forwarding. DKIM may also break if the content of the email is altered in transit, such as putting an unsubscribe footer at the bottom of a mailshot.

How is ARC the solution?

ARC was developed to preserve the authentication results of emails when traveling across many hops as it inserts its own headers. This means that if DMARC fails during transit the recipient might choose to look at the ARC results instead, overriding the results from DMARC and accepting the emails.

Who’s supporting ARC right now?

ARC has already been implemented by some well-known ESPs and ISPs, like AOL and Gmail, and others are on the way too. Of course, Red Sift supports ARC too! Our award-winning DMARC product OnDMARC quickly and simply informs users whenever an email’s DMARC results are trumped by ARC.

Interested in seeing how OnDMARC can help you improve your security, protect your brand, and boost your deliverability too? Enjoy a free trial below!

free trial red sift

PUBLISHED BY

Clare Holmes

15 Jan. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
News

Meet Red Sift Radar: The Skilled Up LLM That Finds and Fixes…

Rahul Powar

After months of beta testing and feedback, we are excited to announce that Red Sift Radar, our skilled up LLM offering seamless integration with Red Sift OnDMARC, is now commercially available.  With Red Sift Radar, security teams can detect exposures, prevent configuration drift, and classify assets or suspicious activity without adding additional headcount. By…

Read more
News

G2 Fall 2024 Report: Red Sift OnDMARC Wins Big

Francesca Rünger-Field

We’re delighted to share that Red Sift OnDMARC’s winning streak continues. This Fall, we’ve once again been named a Leader in G2’s DMARC category, achieving recognition in both the overall Leader category and Europe for the first time. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more