In this post, we will understand what is ARC and why it is used.
What is ARC?
ARC is the authenticated received chain added in the email header by the intermediaries.
Why ARC?
Authenticated Received Chain (ARC) solves the issues that arise in email authentication of indirect mail flow.
What is Indirect mail flow?
Indirect mail flow is when the email is not directly received from the sender system, and they are passed through the intermediaries before they are delivered to the recipients.
Eg: mails received from a mailing list, or account forwarding.
- Intermediary sends the message from a new IP address, causing SPF to fail
- Intermediary changes the message contents, causing DKIM to fail
Solution: ARC was devised to solve this problem by giving intermediate servers a way to sign the original message's validation results. Even if the SPF and DKIM validation fails, the receiving service can choose to validate the ARC chain.
What are the different parts of the ARC header?
ARC has three parts.
- ARC-seal: Contains an Instance number (i=) tag, signing domain in (d=) and the validation result of the prior ARC in (cv=) tag if found andy, and signature in (b=) tag.
- ARC-Message-Signature: Contains an instance number (i=) and a DKIM-like signature (b=) and email body hash (bh=) value calculated of the entire message except for the ARC-Seal headers, values used in the hash computation are included in the (h=) tag.
- ARC-Authentication-Results: Contains authentication results of SPF, DKIM, DMARC, and previously signed ARC.
ARC-Seal:i=1;a=rsa-sha256;s=arcselector9901;d=microsoft.com;cv=none;b=hHKv1LH/q7QPDa9zHQkK7AsDZpH527MaIpo6cdQbnsxr6NWp9ywYAPruYV78nEglARC-Message-Signature:i=1;a=rsa-sha256;c=relaxed/relaxed;d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version..; bh=JLqRj4hQ3j4my5ikpnsfqaeCAL5Ne00fEMqbrTD4h/4=; b=BD5niXEk/wUbcitOLIbm9Kec7nYro0e2lbK+3aQOdlxeIPrMdRNXttekUbcV/ARC-Authentication-Results: i=1; mx.microsoft.com 1;
spf=pass smtp.mailfrom=lab365.in;
dmarc=pass action=none header.from=lab365.in; dkim=pass header.d=lab365.in;
arc=none
- none - No ARC chain to validate
- pass - ARC chain validation passed
- fail - ARC chain validation failed
ARC-Seal: i=2; a=rsa-sha256; t=1640770738; cv=pass; d=google.com;s=arc-20160816;b=aygLwXdcqgcZtrtMEuqeytWxoiLDaym+Pw80j2czWjCLs1KxzNHerpc63DqjL5YcGYARC-Message-Signature: i=2;a=rsa-sha256;c=relaxed/relaxed;d=google.com;s=arc-20160816; h=mime-version:content-language:accept-language....;b=EJbx2vp+QM/n+eRHI802OkM6wgqurzmpChmBVGEIyOw3T7dm8GnN8W5E4hPBbGehxSARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@lab365.in header.s=selector2 header.b=pCmfPmVw; spf=pass (google.com: domain of labadmin@lab365.in designates2a01:111:f400:fea4::61f as permitted sender) smtp.mailfrom=labadmin@lab365.in; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=lab365.inarc=pass (i=1spf=pass spfdomain=lab365.indkim=pass dkdomain=lab365.indmarc=pass fromdomain=lab365.in);
ARC-Seal: i=3; a=rsa-sha256; t=1640770739; cv=pass; d=zohomail.com;
s=zohoarc;
b=aT7DKuzcGg5Gi1vT/M1EoehU0ehCFT8RxaX3XXLCFAU9Qgtqhexqw+UGWnsMtIm/
ARC-Message-Signature:i=3;a=rsa-sha256;c=relaxed/relaxed;d=zohomail.com;
s=zohoarc; t=1640770739;
h=Content-Type:Date:From:MIME-Version:Message-ID:Subject:To;
bh=JLqRj4hQ3j4my5ikpnsfqaeCAL5Ne00fEMqbrTD4h/4=; b=XHq/OSi0+YHUBPYZ38XRKZD481b91YY+J8srIOOaSc9gCRTXmWkiSqaamICWb5KoM
ARC-Authentication-Results: i=3; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of _spf.google.com designates
209.85.160.178 as permitted sender)
smtp.mailfrom=sunilkms+caf_=sunilkms=zoho.com@gmail.com;
dmarc=pass header.from=<labadmin@lab365.in> (p=quarantine dis=none)
arc=pass (i=2 dmarc=pass fromdomain=lab365.in);
Comments
Post a Comment