cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3181
Views
23
Helpful
7
Replies

CSCvi29672 - Implementation of Authenticated Received Chain for ESA

meliux
Level 1
Level 1

So is there any news about this? The bug/feature request has been open for quite a few months now, and the timestamp on it looks to have been updated just a couple of days ago... eagerly awaiting ARC support being added to ESA so that we can get improved DMARC outcomes, especially where mailing lists are involved. 

7 Replies 7

This has been outstanding since it was originally raised with cisco in 2017, that's nearly 7 years going on without it being introduced in any firmware release since v11 (and v15 is just coming out). 

Has anyone created message filters or content filters that can deal with ARC processing that they are willing to share? At the very least to deal with services like onmicrosoft.com whom double DKIM sign messages with their own internal domains AND a public resolvable one which triggers CISCO's constant DKIM failure state on receiving a message? 

It feels a bit strange that it is so quiet around this topic, after all this is a quiet expensive security product and at least myself thinks it should be in the front when it comes to stuff like this.

If it helps, I got confirmation from a CISCO TAC case that ARC is expected to come in v16 in the current firmware pipeline. 

Thank you for the information. Feels good to know that it's coming at least. But I have a feeling v16 is a year or two away since v15 is still quiet new. The good thing is that I can drop it for now and fokus on other things

Regards

Micke

Thank you for bringing this to our attention. We understand the importance of ARC support for enhanced DMARC outcomes particularly with mailing lists involved. Our team is actively working on this and has recently updated the timestamp on the bug/feature request. We appreciate your patience and will keep you posted on any developments.

dukebox
Level 1
Level 1

It would be nice if we had an official published roadmap for the ESA evolution..other than getting told by a TAC engineer...as it seem its all vaporware, no fact...we are getting questions from our management and our only answer is, we don't know...we shouldn't have to open a TAC improvement request to get this, you guys should lead us to the cutting edge of improvements againts spam fight!

  • I was told by a TAC engineer that TLS 1.3 was coming in V15
  • I was told by a TAC engineer that ARC was coming in V16
  • I was told by a TAC engineer that DKIM 4096 would get supported
  • Support for other URL expand and open redirect abused (aka expand support for constantcontact  r20.rs6.net link abused, linkedin etc)
  • The new gui was supposed to merged and/or replaced the OLD gui on the SMA

is it so complicated to have committment and have a clearer roadmap? - apology if this exist but I never found one

Because it seem that there is not much traction and not much going on around the ESA development as even bug fixes seem to take a long time.

We need a clearer direction if you still want to work and get support from our user community.

We know that ARC is Experimental ref : (https://datatracker.ietf.org/doc/html/rfc8617) but it has been adopted by the big guns like Microsoft, google, Yahoo, and to me, Cisco is a big gun too! 

But if you guys just waiting to implement that it become an official standard, can we at least be told instead of being kept in the dark ??

sorry for my rant, but too often I am looking for improvements and, like many, I stumble on an old thread for the question requested years ago and no positive outcome nor clear roadmap...0 official feedback like I just found out for ARC

Can we make this a new resolution for 2024 as we need better communication and roadmap if you want us to keep our commitment to your products??  Is it asking too much?

 

Thank you

meliux
Level 1
Level 1

welp... v16 is here and still no ARC support in sight. 

What's going on, Cisco?