Recently, RFC 8617 established the Authenticated Received Chain (ARC) Protocol, a new and powerful email authentication and security standard that allows legitimate forwarded emails to be delivered without any issues. ARC has been in testing for several years with Google and another inbox provider to transform the theoretical solution into a full-fledged standard.
What is ARC?
ARC allows mail handlers (email servers) to preserve a “chain of custody” that shows where the respective message originated and all subsequent handling entities via authentication data when forwarding emails. To get more specifics about the ARC protocol, click here.
Before ARC, a forwarded email would no longer pass DKIM alignment because there was no standard for preserving the original and subsequent DKIM signatures. An unaligned message might then fail DMARC and be rejected by the final inbox provider and never reach your customer’s inbox.
The ARC protocol establishes a standard for preserving DKIM alignment when a message is forwarded. This helps these messages look less suspicious to the receiving inbox providers by ensuring emails that are forwarded pass authentication and avoid being labeled as spoofed messages.
Why is ARC important?
ARC becoming a standard applied to all inbox providers is highly important for your email deliverability. With ARC, if your business forwards email and has implemented DKIM, your email chain of custody will no longer break, resulting in higher delivery rates. While SPF alignment breaks under most message forwarding instances, DKIM breaks when emails pass through forwarding services that modify content involving a DKIM signature. Even if the email fails SPF and DKIM validations, the inbox provider can choose to validate the ARC standard.
It is imperative that your business email implement DKIM as soon as possible to improve email deliverability and leverage the benefits of ARC.
ARC Enables more DMARC Adoption
The creation of the ARC standard shows continued support for the DKIM, SPF and DMARC standards that are the basics for email deliverability. ARC allows messages that have been forwarded via mailing lists, list servers, and email gateways to pass DKIM authentication and not break during delivery. DKIM is integral to achieving DMARC compliance, so the ARC standard also allows more senders to pass strict DMARC policies. Strict DMARC block non-DMARC compliant email to improve your company’s overall email deliverability by reducing the threat of fraud and phishing using your domain.
What do I need to do to take advantage of ARC?
The first steps to leveraging ARC involve the adoption of basic email deliverability standards – SPF, DKIM and DMARC. If you have not already read it, MxToolbox has a great guide to setting up these protocols. Once you have SPF, DKIM and DMARC setup, inbox providers that have adopted ARC will automatically process your email appropriately.