Discussion about whether it's possible to add ARC (Authenticated Received Chain) to the CipherMail Gateway


I just set up my first CipherMail Community Edition with Mailcow. I am really impressed and love it.

However, I stumbled upon the DKIM problem, that others already found. I was wondering whether the problem can be solved by integrating ARC (Authenticated Received Chain).

Wikipedia says: "Authenticated Received Chain (ARC) is an email authentication system designed to allow an intermediate mail server like a mailing list or forwarding service to sign an email’s original authentication results. This allows a receiving service to validate an email when the email’s SPF and DKIM records are rendered invalid by an intermediate server’s processing. ARC is defined in RFC 8617, published in July 2019, as “Experimental”.

I would love to hear your feedback and disuss the topic further.

Kind regard :blush:

While reading about ARC, I found this page showing that ARC might a perfect addition to CipherMail. A Complete Guide to ARC Authentication for Email Security - Mystrika - Cold Email Software

It says that * ARC verifies message routing – Validates intermediary servers handling encrypted mail. Therefore, does anybody know how to make CipherMail add ARC headers to the E-Mails, so that the original DKIM gets verified?

At the moment we have no plans on developing ARC support ourselves. That said, you can use existing ARC modules with Postfix and integrate this with the CipherMail back-end

  1. GitHub - fastmail/authentication_milter: Email Authentication by SPF/DKIM/DMARC etc.
  2. ARC module

hi martijn,

thanks for the feedback, I was thinking about that too.

One other question, would it solve the dkim error when I delay the dkim signing by rspamd after the mail has been re-injected on port 10026?