ARC preserves initial authentication results across subsequent intermediaries (“hops”) that modify the message and thus will cause email authentication to fail to verify when the message reaches its destination
Intended to address situations where indirect mailflows are adversely affected when the sending domain publishes certain DMARC policies.
This specification updates the SPF, DKIM, and DMARC specifications to clarify which form of internationalized domain names to use in those specifications.
Message Header Field for Indicating Message Authentication Status, RFC 8601
This document specifies a message header field called “Authentication-Results” for use with electronic mail messages to indicate the results of message authentication efforts.
Interoperability Issues between DMARC and Indirect Email Flows, RFC 7960
Describes how the DMARC mechanism enables potentially disruptive interoperability issues when messages do not flow directly from the author’s administrative domain to the final recipients, and presents possible methods for addressing them.
Authentication Failure Reporting Format (AFRF), RFC 6591
A new report sub-type extension for the Abuse Report Format (ARF) (see: RFC 5965)
Allows for relaying of forensic details regarding an authentication failure
Supports reporting of SPF and/or DKIM failures
For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a “fail” result
For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
Also supports ADSP reporting of messages that weren’t signed but should have been
This is the basis for per-message failure reports sent by participating DMARC receivers/verifiers.
An aggregate reporting format is included in an appendix of the DMARC specification.