Seth, your link led me to this link: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#how-microsoft-365-utilizes-authenticated-received-chain-arc
Which says, "Microsoft 365 currently utilizes ARC to verify authentication results when Microsoft is the ARC Sealer, but plan to add support for third-party ARC sealers in the future." My translation: "When a Microsoft-hosted domain authenticates a message and then forwards it to another Microsoft-hosted domain, Microsoft is able to recognize the forward and not classify the message the message as a malicious impersonation." I cannot see how Microsoft needed ARC to accomplish this underwhelming feat. DF On Fri, Mar 24, 2023 at 7:18 PM Seth Blank <s...@sethblank.com> wrote: > Microsoft is using ARC quite heavily, and has reported on this list and at > M3AAWG of the impact it makes > > Microsoft even has on their public roadmap that tools are being built for > their customers to enable per-customer sealers that they choose to trust: > https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=dmarc > > On Fri, Mar 24, 2023 at 5:06 AM Steven M Jones <s...@crash.com> wrote: > >> On 3/24/23 3:48 AM, Douglas Foster wrote: >> > >> > Do we know if any entity other than Google is successfully using ARC >> > as an evaluation tool? >> >> >> FWIW: In late 2021 a "German company" reported that it was able to >> "recover" about 10% of messages that had failed other authentication >> checks by validating ARC. >> >> --S. >> >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc