Microsoft is working to enable users of Microsoft Defender (opens in new tab) for Office 365 (opens in new tab) to customize a new authentication mechanism in a bid to further extend its anti-spoofing protection.
Named Authenticated Received Chain (ARC), Microsoft has already enabled the new authentication mechanism for all Office 365 hosted mailboxes to help preserve authentication results even when an email hops (opens in new tab) through multiple intermediaries.
“With this change, admins will be able to add trusted intermediaries in the Microsoft 365 Defender portal to allow Microsoft to honor these ARC signatures, thereby allowing legitimate messages,” notes Microsoft (opens in new tab) in its roadmap.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
Reporting on the development, BleepingComputer (opens in new tab) says that the ability to customize ARC configurations to include additional trusted intermediaries enables message alterations with proper attribution and links the intermediary’s signatures to their domain name, thus keeping the ARC chains intact.
Explaining the need for the new functionality, Microsoft explains that traditionally email senders use authentication mechanisms such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting, and Conformance (DMARC) to authenticate emails.
However, in the current arrangement, a legitimate intermediate service may potentially make changes to the email, which would result in the message to fail authentication by the time it lands in the recipient’s inbox (opens in new tab).
Microsoft says that ARC helps preserve the email authentication results through all the intermediaries, between the originating server and the recipient’s mailbox, enabling Microsoft 365 to be able to verify the authenticity of the sender.
According to the roadmap, the ability to customize ARC configuration is estimated to be generally available to all Office 365 users in March 2022.