Concluding the ARC Experiment
The ARC experiment aimed to address issues with DMARC authentication failures caused by intermediaries modifying email messages. When messages are forwarded, authentication can break due to changes in IP addresses and message content, leading to legitimate emails being flagged as unauthenticated. The experiment sought to create a signature chain that allows trustworthy intermediaries to attest to the original state of the message before any modifications occurred.
- DMARC relies on SPF and DKIM authentication, which can fail when intermediaries modify messages.
- Forwarding often breaks authentication because the forwarding infrastructure appears as the sending IP.
- The ARC experiment targeted the issue of intermediaries rewriting messages and aimed to establish a chain of custody for email authentication.
Opening excerpt (first ~120 words)
2.1. Problem Space: DMARC Breakage at Intermediaries

DMARC relies on successful SPF and/or DKIM authentication along with alignment with the Author Domain. When intermediaries modify a message (for example, subject or body changes, footer insertion, MIME adjustments), DKIM signatures from the originator can fail to verify; when an intermediary relays mail through different IPs than are defined within the originator’s SPF record, SPF authentication can fail. As a result, messages that were legitimate at origination can appear unauthenticated downstream, even if the intermediary handling is benign.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at the IETF.
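The breakage described in the excerpt, as an added example that is not taken from the draft: it evaluates the same message delivered directly, through a footer-adding mailing list, and through a forwarder that leaves the body untouched. The domains, IP ranges and message body are constructed; strict (exact-match) alignment and a DKIM check reduced to the body hash are simplifying assumptions.

```python
import base64
import hashlib
import ipaddress

# Constructed sample data (not from the draft): documentation domains and IP ranges.
AUTHOR_DOMAIN = "example.com"
SPF_NETWORKS = {"example.com": ["192.0.2.0/24"]}  # stand-in for the published SPF record
ORIGINAL_BODY = b"Quarterly report attached.\r\n"
LIST_FOOTER = b"-- \r\nSent via the staff mailing list\r\n"


def dkim_body_hash(body: bytes) -> str:
    """bh= value: SHA-256 over the body after RFC 6376 'simple' canonicalization."""
    canonical = body.rstrip(b"\r\n") + b"\r\n"  # drop trailing empty lines, end with one CRLF
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode()


def spf_pass(mail_from_domain: str, client_ip: str) -> bool:
    """Simplified SPF: is the connecting IP inside the domain's authorized networks?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in SPF_NETWORKS.get(mail_from_domain, []))


def dmarc_pass(from_domain, mail_from_domain, client_ip, dkim_d, signed_bh, body) -> bool:
    """DMARC passes when SPF or DKIM passes AND that identifier aligns with the From domain.
    Assumptions: strict alignment; DKIM header signature is taken as valid if bh matches."""
    spf_ok = spf_pass(mail_from_domain, client_ip) and mail_from_domain == from_domain
    dkim_ok = dkim_body_hash(body) == signed_bh and dkim_d == from_domain
    return spf_ok or dkim_ok


def evaluate_hops() -> dict:
    signed_bh = dkim_body_hash(ORIGINAL_BODY)  # what the originator's signature committed to
    common = (AUTHOR_DOMAIN, AUTHOR_DOMAIN)    # From domain, MAIL FROM domain (kept on relay)
    return {
        # Originator's own server, unmodified body: SPF and DKIM both pass.
        "direct": dmarc_pass(*common, "192.0.2.10", AUTHOR_DOMAIN, signed_bh, ORIGINAL_BODY),
        # Mailing list: relays from its own IP and appends a footer, so both checks fail.
        "via_list": dmarc_pass(*common, "198.51.100.7", AUTHOR_DOMAIN, signed_bh,
                               ORIGINAL_BODY + LIST_FOOTER),
        # Forwarder: new IP breaks SPF, but the untouched body keeps DKIM valid.
        "via_forwarder": dmarc_pass(*common, "198.51.100.7", AUTHOR_DOMAIN, signed_bh,
                                    ORIGINAL_BODY),
    }


if __name__ == "__main__":
    print(evaluate_hops())
```

The `via_list` case is the one the excerpt describes: the handling is benign, yet neither identifier authenticates downstream.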