IETF Proposes Retiring ARC Email Authentication Protocol in Favor of DKIM2 Successor

Summary

The IETF has published an Internet-Draft proposing the conclusion of the ARC (Authenticated Received Chain) experiment, calling for RFC 8617 to be marked obsolete. ARC was introduced as an experimental protocol to preserve email authentication across forwarding, mailing lists, and intermediaries that modify messages—a critical problem when DMARC, SPF, and DKIM signatures break during message handling. The proposal recommends that ARC be phased out and replaced by DKIM2, a successor to the widely-used DomainKeys Identified Mail (DKIM) standard that will incorporate lessons learned from ARC's operational deployment.

According to the draft, authored by T. Adams (Proofpoint) and J. Levine (Taughannock Networks), the ARC experiment successfully demonstrated how intermediaries could create a cryptographically verifiable chain of custody documenting authentication checks at each hop. However, the emerging DKIM2 work is positioned to address the same problem space more effectively by building authentication resilience directly into DKIM's successor, eliminating the need for ARC as a separate layer. The document summarizes operational experience with ARC and explains how insights from the experiment are being integrated into the next-generation email authentication framework.

• Organizations relying on ARC should plan to transition to DKIM2 once standardized

Editorial Opinion

While ARC represented an important experiment in preserving email authentication across intermediaries, consolidating this functionality into DKIM2 makes architectural sense and could streamline the email authentication landscape. However, the transition period may create complexity for organizations currently invested in ARC deployments, and the IETF should provide clear migration guidance to ensure continuity of email security during the shift to DKIM2.