06-01-2017 07:09 AM
I was reading about the newest email protection standard. Can you say if this will be implemented on the IronPorts?
https://www.dmarcanalyzer.com/arc-is-here/
Thanks!
06-01-2017 12:02 PM
Hi,
I do not see any active feature requests to implement that at the moment.
You could open a TAC case or contact your accounts team to file a new one.
Thank You!
Libin Varghese
10-18-2019 08:52 AM
Hi Libin,
Its been about two years now since this topic was discussed. What is PG stance on this feature? Did it make to AsyncOS 13.x? Or was any logic added to the ESA to honor the ARC values? This feature would be uber beneficial.
Regards,
Chet
09-18-2018 12:20 PM
Thank you. I'd like to see this as well, given Google's backing, and the arc=pass entries I'm seeing on my DMARC reports.
10-21-2019 04:37 AM
Hi Matt
you can do ARC validation today with the Ironports just need to do some scripting:
a) in log subsription under global settings add the following three x-headers
ARC-Authentication-Results, ARC-Seal, ARC-Message-Signature
b) built a content filter like and PVO for the following for analysis phase
GUI_Trap_ARC: if (recv-listener == "InboundInterface") AND (header("ARC-Seal")) { log-entry("-- ARC-Seal detected --"); duplicate-quarantine("TrapARCPass"); }
it is up to you to decide what to do once you understand what ends up in your quarantine. We upload the three fields above to our SIEM for every message and can run pretty good reports on senders and ARC verdicts. I would highly recommend dropping all messages where the ARC-Authentication-Results are failing.
A typical string looks like this:
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
13.86.34.99) smtp.rcpttodomain=fmc-na.com smtp.mailfrom=yammer.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=yammer.com; dkim=none (message not signed); arc=none
So you need to create now a final message filter to parse for arc status and take action based on
results.
I hope that helps until we get official ARC inbound and outbound support.
-Marc
10-21-2019 09:55 AM
10-21-2019 11:22 PM
Hi Ken,
yes your understanding is correct , this is what we are doing.
Since the ARC result headers combine the results of MX, SPF, DKIM , DMARC and ARC results it is a very good source for additional checks on verdicts.
Regards
Marc
10-21-2019 06:53 AM
06-03-2020 06:51 AM
Any news regarding support for the ARC protocol?
Cheers!
08-30-2020 09:08 PM
Could we please get an update on implementing ARC?
11-23-2020 02:21 PM
ETA Please! I also asked my account team to ask the BU about this feature timeline.
11-24-2020 12:34 AM
yeah please stop hiding an come with an ETA....
04-08-2021 07:31 AM
When will it implemented ? We need ARC
05-03-2021 01:44 PM
You can subscribe for the feature request mentioned previously by Libin or can talk with your Cisco Account Manager/s about its importance.
02-28-2023 06:11 AM
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29672
It has been updated Jan 18, 2023, but no solution or advisory was published.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide