Why you should activate ARC in NoSpamProxy now
Authenticated Received Chain (ARC) complements existing authentication methods such as SPF, DKIM and DMARC and ensures that emails can also be reliably verified for forwarding or via mailing lists. ARC offers decisive advantages for delivery security, especially in cloud-based environments. In this blog post, you can find out why it is worth activating ARC now, and how you can easily implement it in NoSpamProxy.
What is Authenticated Received Chain (ARC)?
ARC is the latest technology in the field of sender reputation. It is widely used, especially in many cloud-based services, as it solves a known problem when using other sender reputation methods.
Why is ARC necessary?
By checking the sender’s reputation, the receiving server of an email can clearly determine whether the delivering server is authorized to deliver emails on behalf of the sending domain (SPF) and whether the email is authentic and has remained unchanged during transmission (DKIM).
DMARC is technically based on these two procedures and defines how authentication is to be carried out and how to proceed in the event of a failed check. Specifically, emails can be rejected, quarantined or allowed through.
The problem with this is that DMARC is often configured in such a way that emails are rejected, and this can also affect legitimate emails under certain circumstances. This is the case, for example, if the email has been forwarded or sent via a mailing list. In both cases, errors occur during the SPF check, as the forwarding server is usually not listed in the SPF entry of the original sender domain.
Changing the email subject or adding email disclaimers or signatures can also be problematic, as there is a possibility that DKIM validation will fail. After all, the original email has been changed.
What are the advantages of ARC?
ARC preserves the results of email authentication by SPF, DKIM and DMARC of all servers involved. Modifications to the email therefore no longer lead to errors. Each intermediate station that verifies an e-mail with regard to SPF, DKIM and DMARC and adapts the e-mail header accordingly also signs its own results with an ARC seal.
If the next server receives the email via redirection or forwarding, it must also verify all ARC information from the intermediate stations in accordance with the RFC.
How to activate ARC signing in NoSpamProxy
By default, NoSpamProxy uses ARC as part of the reputation check. In addition, NoSpamProxy also performs ARC signing, whereby both a list of signatories curated by NoSpamProxy and self-added ARC signatories can be used.
Users of NoSpamProxy Cloud Shared Stacks do not need to do anything at this point, as ARC signing is activated by default.
Activating ARC signing in the NoSpamProxy Cloud Enterprise Stacks and in NoSpamProxy Server is done with just a few clicks:
- Go to Identities > Email Authentication > Authenticated Received Chain (ARC) > ARC Signing.
- Click Modify.
- Tick the box next to Apply ARC seals to emails (recommended).
- Select the DKIM key you want to use.
- Click Save and close.
Further information on ARC can also be found in our online documentation for NoSpamProxy Cloud and NoSpamProxy Server.
Not yet using NoSpamProxy yet?
With NoSpamProxy you can reliably protect your company from scamming attacks and benefit from many other security functions. Request your free trial version now!
