Enhance DMARC By Adding the Authenticated Received Chain (ARC) Protocol
Mailgun should enhance their mail engine MTA to use the Authenticated Received Chain (ARC) protocol with all inbound and forwarded messages that go through Mailgun.
There are 2 situations where this will help. When evaluating inbound emails and the DMARC policy of the sending domain is checked and fails or when Mailgun receives an email sent to a mailing list that, in turn, sends the message to all mailing list members.
For both these scenarios, if a DMARC check is done and the original sending party has a policy of quarantine or reject, it is possible for these valid emails to either not get delivered or end up in a spam/junk folder, even though they came from a valid source but just went through multiple mail systems before reaching its final destination.
By adding ARC, the DKIM signature and SPF results are included with each hop along the way so when the message reaches it's final destination, that mail system, with ARC enabled, can look at the received chain within the mail headers and determine it came from a valid source and choose to override the DMARC policy of the originating mail system because their information is included and valid in the first hop results.
Other major ESPs like AOL and Google are already implementing this and Microsoft and Yahoo have plans to do so soon. It would be great if Mailgun also added this protocol so it could evaluate the ARC chain on incoming messages and have more successfully delivered to the recipients inbox and also include ARC information for messages sent via mailing lists or forwarded from an individual mailbox so the end receiving system has the ARC information to evaluate and determine if it is legitimate, even though it went through an intermediary mail system.
You can read more information about ARC here:
https://www.dmarcanalyzer.com/arc-is-here/
Rob H.
shared this idea
Hi folks,
We have released support for ARC. We now evaluate DKIM/SPF and add signed ARC headers if messages are forwarded using our Routes (inbound emails), as well as messages that are sent to or are replied to on a mailing list.
Please let our support team know if you encounter any issues with this release!
-
stawell commented
Hi there,
I encountered the below error.
I have the SPF and DKIM in correct setup (in screenshot).What could be the cause of this issue? any suggestion?
Thank you very much!
Best regards,
Khon== error message (NOTE: abc.com is not the real domain)
5.7.26 Unauthenticated email from abc.com is not accepted due to 5.7.26 domain's DMARC policy. Please contact the administrator of 5.7.26 abc.com domain if this was a legitimate mail. To learn about 5.7.26 the DMARC initiative, go to 5.7.26 https://support.google.com/mail/?p=DmarcRejection m10-20020a0cf18a000000b0067eb145cf98si31444686qvl.388 - gsmtp
-
Anonymous
commented
We use Mailgun as a forwarder and often get notices that an email has been rejected/flagged as spam. I'm like, but we're not the source of the messages, we're just forwarding them along. However, without ARC, there's no way that email providers know that. In addition, this also has a negative affect on our sender reputation.
-
Michael Rothrock
commented
+1 because gmail is becoming very aggressive about enforcing DMARC. If ARC isn't supported, I'm going to have to migrate to a different solution so email will be delivered.
-
Justin
commented
Another +1. Mailgun is becoming less useful as email providers are becoming stricter with DMARC.
-
Nick
commented
+1 for this. We use Mailgun primarily as a forwarder, so almost all of our emails are indirect. We're seeing an increasing amount of emails being rejected by gmail as DMARC no longer passes.
