After a successfully implementation of OpenARC on a Linux enviroment I have now started to look at the possibility to implement it on a Exchange environment.
I am fully aware that the draft is subject to change, but providers like Google has already implemented it. Therefore, I would like to deploy it on a Exchange 2013 server.
So my question is, what is the best approach to deploy ARC (Authenticated Received Chain) on a Exchange 2013 environment? Is it even possible yet? Or should I relay the mails throu another server which signs the messages with the ARC header and DKIM?
In On-premise Exchange, we can use SPF, DKIM and DMARC to prevent spoofing message. No official document about ARC with On-premise Exchange for now.
ARC can be used in Office 365. Refer to: How antispoofing protection works in Office 365
I did "solve" it by route emails via a Linux server instead, configured with postfix, amavisd-new (for DKIM signing) and openARC.
The emails is signed correctly and valid. I consider this the "solution" for now until Microsoft has implemented it in Exchange Server.