What is ARC? Does it Replace DMARC?

By Shehzad Mirza


In June 2016, a new protocol was adopted by the IETF DMARC Working Group called ARC.  Is it related to DMARC, as in the Authentication, Reporting and Conformance part?  Will it replace DMARC?  The answers are not exactly and no.

ARC stands for Authenticated Received Chain.  The ARC protocol will preserve email authentication results across third party systems, as well as mailbox providers, that could potentially modify a message – those third party systems being mailing lists and mail forwarders.  If an organization is using DMARC, they can safely send messages to a mailing list or mail forwarder without breaking SPF, DKIM and DMARC.

At this time AOL and Gmail use this protocol and have been able to validate messages which contain the ARC headers.

As of March 2017, the IETF DMARC Working Group is asking that mailbox providers or intermediaries plan for the implementation of ARC within their systems.  

For more information about ARC, please visit http://arc-spec.org/. Here you will find information on products and code for ARC, as well as mailing lists to learn more about ARC.

The author, Shehzad Mirza, is the Deputy Director of Operations at the Global Cyber Alliance. You can connect with Shehzad on LinkedIn.