MDaemon Technologies Blog

ARC (Authenticated Received Chain): What problem does it solve?

By Brad Wyro

Businesses concerned about the shortfalls of DMARC with forwarded messages and mailing lists will benefit from new email authentication features coming soon to MDaemon Email Server version 24. Discover how ARC (Authenticated Received Chain) enhances email security and solves authentication issues.

Understanding ARC and its significance

ARC (Authenticated Received Chain) is a technology that enhances the security and reliability of email communications.

It is an extension of the existing email authentication standards, such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), and provides a way to validate the authenticity of email messages as they pass through multiple servers.

ARC helps to solve the problem of email authentication by allowing email recipients to track the authentication results of each email hop in the delivery chain. This ensures that the email has not been modified or tampered with during transit and provides a higher level of trust in the email's origin and content.

ARC also addresses the issue of legitimate emails being marked as spam or rejected by email filters due to authentication failures caused by forwarding or mailing list services.

By preserving the authentication results throughout the email delivery process, ARC allows legitimate emails to pass the authentication checks even if they have gone through intermediate servers.

The problem of email authentication

Email authentication is a crucial aspect of email security.

It helps to prevent email impersonation and spoofing, ensuring that the email sender's identity can be verified and trusted.

However, the existing email authentication standards have limitations when it comes to emails that are forwarded or go through mailing lists.

When an email is forwarded, the original authentication information is lost, and the forwarded email may fail the authentication checks, leading to the email being marked as spam or rejected.

Similarly, when an email goes through a mailing list service, the authentication information gets overwritten, and the email may fail the authentication checks as well.

These authentication failures can result in legitimate emails being wrongly classified as spam or rejected, causing inconvenience and potential loss of important communication.

How ARC addresses authentication challenges

ARC addresses authentication challenges by creating a chain of authentication results that can be verified by the email recipient.

ARC - Authenticated Received Chain Diagram

 

When an email is sent, each server in the delivery chain adds its authentication result to the ARC header of the email.

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@example.com header.s=20132151.pm header.b=SaTOwM7u;
       dkim=pass header.i=@ex.mtasv.com header.s=pm header.b=uUBEpN9j;
       spf=pass (google.com: domain of pm_bounces@exbounces.example.com designates 20.34.152.121 as permitted sender) smtp.mailfrom=ex_bounces@exbounces.example.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
 

The recipient's email server can then validate the entire chain of authentication results to ensure that the email has not been modified or tampered with during transit.

By preserving the authentication results, ARC allows the recipient to trust the email's authenticity even if it has gone through intermediate servers.

ARC also introduces a new header field called 'seal' that is used to indicate whether the authentication results have been successfully validated or not.

ARC-Seal: i=1; a=rsa-sha256; t=1504715872; cv=none;
        d=google.com; s=arc-20160816;
        b=Nz9pPmKDifg+wmSdwCnUjXvG9jG9WFoF6fghYY1QdGolnG/TZoGeuJHkzDl8KQyVtt
         xsTqAtlPRurwu2PTZLRnPafig2TOAXI+0/qFic8pmRnPrWP+0r4
         N838/B8VMHPYKxp7g6mgrQ
         0dC5MbYSQ7UBrljWB2p3E3RZCOXLt6pdEDcu
         jMMVFJusIEOr+al0Iv610kx10pxUimQrZtSRL
         8HPA==

This helps the recipient's email server to determine whether the email should be trusted or treated as suspicious.

Overall, ARC provides a way to maintain the integrity of email authentication even in scenarios where emails are forwarded or go through mailing lists.

Benefits of implementing ARC

Implementing ARC has several benefits for both email senders and recipients.

For email senders, ARC ensures that their legitimate emails are not marked as spam or rejected due to authentication failures caused by forwarding or mailing lists.

For email recipients, ARC provides a higher level of trust in the authenticity of the received emails. They can be confident that the email has not been tampered with during transit and that the sender's identity has been verified. This helps to reduce the risk of falling victim to email phishing attacks and other email-based scams.

Overall, implementing ARC enhances email security and improves the overall email experience for both senders and recipients.

Future implications of ARC in email security

The adoption of ARC has the potential to significantly improve email security in the future.

As more email service providers and organizations implement ARC, the reliability and trustworthiness of email communications will increase. With ARC, it becomes more difficult for malicious actors to forge the origin of an email and deceive recipients.

In addition, the preservation of authentication results throughout the email delivery process can enable better email filtering and classification, reducing the risk of false positives or false negatives.

ARC support is coming soon to MDaemon Email Server. When it becomes available, you'll be able to download your free trial here.

Brad Wyro

Written by Brad Wyro

Brad has worked in technical and marketing roles at MDaemon Technologies, where he contributes as Content Marketing Manager. Brad balances technical and creative information to develop easy to understand videos and content to educate prospects and customers.

BACK TO ALL ARTICLES

Subscribe to Email Updates