What is ARC?
ARC (Authenticated Received Chain) is an email authentication system that preserves authentication results when messages pass through intermediary servers, solving forwarding-related authentication failures.
ARC (Authenticated Received Chain) addresses a critical flaw in email authentication: forwarding breaks SPF, and sometimes DKIM. When you forward an email, the sending server changes, failing SPF. If the forwarder modifies the message, DKIM also fails. This can cause legitimate forwarded emails to fail authentication and get rejected.
ARC creates a chain of custody. Each server that handles the message adds an ARC signature attesting: "I received this message with these authentication results, and I'm passing it on." The final recipient can trace back through the chain to verify the message was legitimate when it entered the forwarding path.
Three ARC headers are added at each hop: - ARC-Authentication-Results: What authentication checks showed - ARC-Message-Signature: Signature of the message - ARC-Seal: Signature of the ARC headers themselves
Why ARC Matters
Email forwarding is common—mailing lists, corporate aliases, personal forwarders. Without ARC, these legitimate use cases trigger authentication failures, causing real messages to be rejected or spammed. ARC preserves the authentication context, helping receiving servers make informed decisions about forwarded mail.
How Ark Handles ARC
Ark adds ARC headers when appropriate, ensuring your emails maintain authentication context through forwarding. This is particularly important for transactional emails that might be auto-forwarded to secondary accounts—password resets forwarded to a monitoring account, for example. Our infrastructure handles ARC automatically.
Frequently Asked Questions
How does ARC relate to DMARC?
ARC complements DMARC. When DMARC would fail due to forwarding, receivers can check the ARC chain to see if authentication passed at origin. Gmail and other major providers use ARC to rescue legitimate forwarded mail that would otherwise fail DMARC.
Do I need to configure ARC?
As a sender, you typically don't configure ARC directly—it's handled by your email service. As a receiver or forwarder, implementing ARC signing helps your forwarded mail get delivered. Major email providers handle this automatically.
Does ARC guarantee delivery of forwarded email?
No, it provides additional authentication context that receivers can choose to trust. The final receiver decides whether to honor ARC chains based on the reputation of the signing domains in the chain.
Is ARC widely adopted?
Yes, major providers including Google, Microsoft, and Yahoo support ARC validation. It's become an essential part of the email authentication ecosystem for handling legitimate forwarding scenarios.
Related Terms
DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method that uses cryptographic signatur...
SPF
Sender Policy Framework (SPF) is an email authentication method that specifies which mail servers ar...
DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication p...
Email Authentication
Email authentication is the process of verifying that an email was actually sent by the claimed send...
Ready to improve your email deliverability?
Ark handles arc and more automatically. Start sending in 5 minutes.