Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing emails from mailflow marked with arc=fail

Hello.

Regarding to the following discussion community.sophos.com/.../outgoing-emails-from-mailflow-arrive-in-spam I have a question.

We have the same problem. Is there a solution to this now? We use Sophos Mailflow and the error "arc=fail" can be found in all mail headers of all outgoing mails.
If we deactivate the outbound MailFlow, the error disappears. SPF, DKIM and DMARC should be configured correctly.
So whats the problem with the ARC?

I would be grateful for a hint.
Best regards
Ronny

Here are the latest ARC results:

(The Mail was send from our Microsoft365 domain.de to an Google Mail Account)

Authentication-Results: mx.google.com;
       dkim=pass header.i=@domain.de header.s=selector1 header.b=yt2KMVaM;
       dkim=pass header.i=@mail-dkim-eu-central-1.prod.hydra.sophos.com header.s=v1 header.b=p2rjqMLN;
       arc=fail (signature failed);
       spf=pass (google.com: domain of test@domain.de designates xxxxx as permitted sender) smtp.mailfrom=test@domain.de;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=domain.de
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail;
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 94.140.18.225) smtp.rcpttodomain=googlemail.com smtp.mailfrom=domain.de; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=domain.de; dkim=pass (signature was verified) header.d=mail-dkim-eu-central-1.prod.hydra.sophos.com; arc=fail (47)

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=domain.de; dmarc=pass action=none header.from=domain.de; dkim=pass header.d=domain.de; arc=none



This thread was automatically locked due to age.
Parents
  • ARC is not supported by Sophos Email at this time. We have had internal discussions on this topic and plan to introduce ARC support but at this point in time it is closer to 2025 than 2024. 

  • Hi,

    correct me if Im wrong, but as far as I know the ARC-standard is currently in development and isnt widely supported.

    Do you have any ideas what would happen if more and more providers accept that standard and implement some kind of quarantaine for ARC-failueres? Should we just deactivate Sophos MFR till ARC is supported or is there any other way to eliminate this issue?

    Kind regards

Reply
  • Hi,

    correct me if Im wrong, but as far as I know the ARC-standard is currently in development and isnt widely supported.

    Do you have any ideas what would happen if more and more providers accept that standard and implement some kind of quarantaine for ARC-failueres? Should we just deactivate Sophos MFR till ARC is supported or is there any other way to eliminate this issue?

    Kind regards

Children
No Data