Microsoft Authenticated Received Chain
Microsoft is working to enable users of Microsoft Defender for Office 365 to customize a new authentication mechanism in a bid to further extend its anti spoofing protection dubbed Named Authenticated Received Chain (ARC),
Microsoft has already enabled the new authentication mechanism for all Office 365 hosted mailboxes to help preserve authentication results even when an email hops through multiple intermediaries.
With this change, admins will be able to add trusted intermediaries in the Microsoft 365 Defender portal to allow Microsoft to honor these ARC signatures, thereby allowing legitimate messages.
The ability to customize ARC configurations to include additional trusted intermediaries enables message alterations with proper attribution and links the intermediary’s signatures to their domain name, thus keeping the ARC chains intact.
Email senders use authentication mechanisms such as SPF, DKIM, DMARC to authenticate emails. A legitimate intermediate service may potentially make changes to the email, which would result in the message to fail authentication by the time it lands in the recipient’s inbox.
Microsoft says that ARC helps preserve the email authentication results through all the intermediaries, between the originating server and the recipient’s mailbox, enabling Microsoft 365 to be able to verify the authenticity of the sender.
Thie ability to customize ARC configuration is estimated to be generally available to all Office 365 users in March 2022