Microsoft is working to enable users of Microsoft Defender for Office 365 to customize a new authentication mechanism in a bid to further extend its anti-spoofing protection.
Named Authenticated Received Chain (ARC), Microsoft has already enabled the new authentication mechanism for all Office 365 hosted mailboxes to help preserve authentication results even when an email hops through multiple intermediaries.
“With this change, admins will be able to add trusted intermediaries in the Microsoft 365 Defender portal to allow Microsoft to honor these ARC signatures, thereby allowing legitimate messages,” notes Microsoft in its roadmap.
Reporting on the development, BleepingComputer says that the ability to customize ARC configurations to include additional trusted intermediaries enables message alterations with proper attribution and links the intermediary’s signatures to their domain name, thus keeping the ARC chains intact.
Message arc
Explaining the need for the new functionality, Microsoft explains that traditionally email senders use authentication mechanisms such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting, and Conformance (DMARC) to authenticate emails.
However, in the current arrangement, a legitimate intermediate service may potentially make changes to the email, which would result in the message to fail authentication by the time it lands in the recipient’s inbox.
Microsoft says that ARC helps preserve the email authentication results through all the intermediaries, between the originating server and the recipient’s mailbox, enabling Microsoft 365 to be able to verify the authenticity of the sender.
According to the roadmap, the ability to customize ARC configuration is estimated to be generally available to all Office 365 users in March 2022.
