I was recently made aware that larger e-mail providers (notably gmail) started to implement ARC. In a nutshell, ARC fixes the problems DMARC causes for FLOSS mailing lists. I thought it’d be nice to bring the existance of ARC to a wider audience.
I am not sure adding more mechanisms to email will help fighting spam much.
For most spam I could identify the source, it was due to a broken and not updated website plugin that let an attacker enough to call PHP’s mail() function, using the well-configured, rDNS FCrDNS, DKIM-signed, SPF-validated, … stack that the legitimate content is using.
But fighting the origin is not possible due to the nature of SMTP, permitting to each and every computer on connected to Internet to send legitimate email.
Our clients keep asking us to become a “big mail provider” or to switch to one ourselves.
For improving our deliverability, “having more specifications to comply to” is a better option than “becoming Google, Amazon, Outlook, Apple, MailChimp or SendGrid”.
ARC is not really adding a new mechanism to fight spam. It is a fix to make DMARC more viable.
By reading it from this point of view, this makes more sense. Thanks!