This help section describes the ARC Test and the related settings available under the
page in the navigation.Emails that pass through mailing lists, email gateways, and other message-modifying agents (even just Microsoft® Exchange), often fail to authenticate afterwards. Sender Policy Framework (SPF) breaks under most forwarding scenarios, and DomainKeys Identified Mail (DKIM) breaks when messages pass through services that modify content protected by the DKIM signature. These in turn may break the Domain-based Message Authentication, Reporting, & Conformance (DMARC) alignment validation and get a legitimate email blacklisted.
The Authenticated Received Chain (ARC), a new protocol coming down the standards pipeline, solves this problem by allowing intermediaries to attest to the validity of the email by signing the original SPF, DKIM, DMARC test results when forwarding the email. Downstream message handlers can verify the validity of this chain of attestations and choose to accept the email even if the message fails the email authentication checks.
Note that you can add your own ARC signature to emails tested by ORF by configuring ARC Signing. This can help you resolve and investigate email authentication problems in multi-server deployments.
You can enable or disable the use of the ARC Test by clicking the ON / OFF button on top of the
page, or on the page in the navigation.Choose which ORF tests can rely on previous email authentication results found in valid ARC chains when an incoming email fails the email authentication checks.
Click the Edit button to specify a list of trusted signing domains. All signatories to the chain of custody must be on this list for ORF to consider the authentication results in the ARC chain safe to use. See the Domain Lists help section regarding the configuration.
Set this checkbox if you want ORF to automatically suggest domains to add to the trusted signers list. When enabled, ORF will send any domain that appears in the d= tag of the ARC-Seal header field to the Pending Submissions queue for you to approve or reject.
Visit the ARC website at https://arc-spec.org/.
ORF implements RFC8617, published in July 2019.
Verification results are recorded in the Authentication-Results header as specified in RFC8601.