What is the ARC protocol?

ARC (Authenticated Received Chain) is a protocol for email messaging that aims to add an additional layer of security to email authentication by using digital signatures. It allows email senders to sign their emails using a private key, and recipients to verify the signature using a public key to ensure that the email is indeed coming from the claimed sender.Without the ARC protocol, authentication based on SPF (Sender Policy Framework) alone cannot guarantee the security of emails that have been redirected. Similarly, DKIM (DomainKeys Identified Mail) can often be destroyed in transmission by relays that change the email content or headers. This can lead to emails being wrongly rejected when DMARC (Domain-based Message Authentication, Reporting & Conformance) policies are restrictively applied. With ARC, end-to-end email security can be guaranteed, provided that each relay sets a seal and is trusted by subsequent relays. The main players that set the seals are Microsoft, Google and Mimecast.

ARC is designed to address the security issues related to emails that pass through multiple intermediate mail servers, which can alter or remove existing authentication headers. It allows senders to sign the emails at each step of the transmission, which allows recipients to verify the authenticity of the email even if it has been sent through multiple intermediate servers. It also allows signing multiple times and maintaining the chain of custody.

In summary, the Authenticated Received Chain (ARC) protocol is a method for improving email authenticity by adding a digital signature from each mail server that handles the email, and to allow verifiers to check each step of the chain to confirm the authenticity of the email.