Summary
ARC (Authenticated Received Chain) is a pivotal email authentication mechanism designed to preserve authentication results across email forwarding hops, thereby mitigating DMARC failures that often occur with legitimate forwarding. The responsibility for ARC implementation primarily rests with intermediary mail servers such as ESPs, forwarding services, and mailing lists, rather than the original sender. ARC enables these servers to sign emails with their own DKIM signatures, establishing a chain of trust that validates the authenticity of the message as it traverses multiple servers. This process improves deliverability by allowing forwarded emails to pass authentication checks and maintain sender reputation. While ARC is handled on the receiver side, senders play a critical role by ensuring proper configuration of SPF, DKIM, and DMARC. ARC's function involves adding ARC-Authentication-Results headers, which contain DKIM signatures and authentication check results, to enable improved DMARC evaluation across mail servers. Additionally, the correct configuration helps with policy overrides and keeps overall deliverability and reputation healthy.
Key findings
- Implementation Responsibility: ARC is primarily implemented by intermediary mail servers, not the original sender.
- DMARC Impact: ARC mitigates DMARC failures from legitimate email forwarding by preserving authentication results.
- Chain of Trust: ARC establishes a chain of trust through DKIM signatures and authentication checks at each hop.
- Sender Configuration: Senders should ensure correct SPF, DKIM, and DMARC configurations for ARC to function effectively.
- Deliverability Improvement: ARC improves overall email deliverability and ensures emails reach the inbox after forwarding.
Key considerations
- Technical Protocol: Understanding the technical details of the ARC protocol is essential for proper implementation.
- Forwarding Scenario: If you operate a forwarding service or mailing list, implementing ARC is crucial.
- ESP Handling: If using an ESP, ARC configuration is typically handled automatically by the provider.
- Authentication: Ensuring proper SPF, DKIM, and DMARC setup is critical for ARC to preserve authentication results.
- Header Implementation: Participating mail servers should correctly implement ARC-Authentication-Results headers.
- Policy Overrides: Policy overrides in DMARC reports require careful monitoring to ensure appropriate action.
What email marketers say
12 marketer opinions
ARC (Authenticated Received Chain) is a mechanism designed to preserve email authentication results across forwarding hops, addressing DMARC failures that often occur with legitimate forwarding. Its implementation is primarily the responsibility of intermediary mail servers, such as ESPs and forwarding services, rather than the original sender. ARC allows these servers to sign the email with their own DKIM signature, creating a chain of trust that validates the authenticity of the message as it passes through multiple servers. By maintaining sender reputation and ensuring forwarded emails pass authentication checks, ARC improves overall deliverability. Senders should focus on ensuring proper SPF, DKIM, and DMARC configurations, as ARC will then help preserve these results during forwarding, while receivers benefit from enhanced validation, especially in cases of policy overrides.
Key opinions
- ARC Implementation: ARC implementation is primarily handled by intermediary mail servers, such as ESPs and forwarding services, not the original sender.
- Sender Responsibility: Senders should focus on ensuring proper SPF, DKIM, and DMARC configurations; ARC will then help preserve these authentication results during forwarding.
- DMARC Impact: ARC allows forwarded emails to carry authentication information that can override DMARC failures, improving deliverability of legitimate emails.
- Reputation Maintenance: ARC helps maintain sender reputation by ensuring that forwarded emails don't negatively impact the domain's DMARC record.
- Trust Chain: ARC creates a chain of trust by allowing each server in the forwarding path to sign the message with its own ARC signature, validating its authenticity.
Key considerations
- Policy Overrides: Be aware of policy overrides in DMARC reports, particularly when using a 'p=none' policy, as enforced policies may lead to more visible overrides.
- Forwarding Scenario: If you are a forwarder or mailing list, you should implement ARC. However, if you are sending emails directly without any hops, there's nothing for you to seal.
- ESP Handling: If you're using an ESP, ARC configuration is generally handled automatically by the provider.
- Proper Authentication: Ensuring proper SPF, DKIM, and DMARC setup is critical for ARC to effectively preserve authentication results.
- Intermediate Signing: ARC allows intermediate mail servers to sign emails with their own DKIM signature, verifying the message received was from a trusted source and forwarded without modifications.
Marketer view
Email marketer from Mailjet responds that ARC improves deliverability by allowing forwarded emails to pass authentication checks, which helps maintain sender reputation and ensures emails reach the inbox.
3 Jan 2022 - Mailjet
Marketer view
Email marketer from Reddit explains that ARC implementation is mostly on the receiver/forwarder side. As a sender, ensuring proper SPF, DKIM, and DMARC configuration is crucial; ARC will then help preserve these authentication results during forwarding.
17 Jan 2024 - Reddit
What the experts say
3 expert opinions
ARC (Authenticated Received Chain) plays a crucial role in mitigating DMARC failures caused by email forwarding. Primarily, the forwarding system or service implementing ARC is responsible for adding the necessary authentication. DMARC's design inherently breaks forwarding, but ARC allows legitimate forwarded messages to maintain their authentication, improving deliverability. Senders should focus on ensuring robust SPF, DKIM, and DMARC configurations, while ARC is handled on the receiver side to validate emails and preserve authentication information.
Key opinions
- Forwarding System Responsibility: The forwarding system needs to implement ARC for it to function correctly.
- DMARC and Forwarding: DMARC is designed to break forwarding, but ARC provides a solution to maintain deliverability.
- Sender Authentication: Senders should ensure proper SPF, DKIM, and DMARC configuration.
- Validation and Mitigation: ARC validates emails and mitigates DMARC failures, primarily implemented on the receiver side.
- Preservation of Information: ARC allows forwarded messages to maintain authentication, which prevents DMARC failures.
Key considerations
- ARC Deployment: ARC is usually deployed by forwarding services to validate emails.
- Authentication Chain: ARC helps establish a chain of trust by maintaining authentication information through forwarding hops.
- Deliverability Improvement: Implementing ARC improves overall deliverability by preventing DMARC failures in forwarded messages.
Expert view
Expert from Spam Resource explains that ARC is usually deployed by forwarding services to validate emails and mitigate DMARC failures. As a sender, ensuring proper SPF, DKIM, and DMARC is important and ARC is implemented on the receiver side.
30 Oct 2022 - Spam Resource
Expert view
Expert from Word to the Wise shares that ARC allows legitimate forwarded messages to maintain authentication information, which prevents DMARC failures and helps improve overall deliverability. This is particularly useful when subscribers forward emails.
12 Mar 2022 - Word to the Wise
What the documentation says
4 technical articles
ARC (Authenticated Received Chain) serves as a vital mechanism for preserving email authentication results across forwarding hops. It addresses the challenge of DMARC failures that often occur when emails are legitimately forwarded. By implementing ARC, mail servers can add ARC-Authentication-Results headers containing DKIM signatures and authentication check results, enabling improved DMARC evaluation across multiple servers.
Key findings
- Preservation Mechanism: ARC is designed to preserve authentication results across email forwarding hops.
- DMARC Evaluation: ARC enables better DMARC evaluation, even with email forwarding.
- Mitigation of Failures: ARC helps mitigate DMARC failures resulting from legitimate email forwarding.
- Header Implementation: Participating mail servers add ARC-Authentication-Results headers to emails, including DKIM signatures and authentication checks.
Key considerations
- Technical Protocol: Understanding the technical details of the ARC protocol is crucial for implementation.
- Server Participation: ARC requires cooperation and correct implementation by all participating mail servers.
- DMARC Interaction: While ARC helps, understanding how DMARC interacts with forwarding is still essential.
Technical article
Documentation from Authorea states that ARC works by having each participating mail server add an ARC-Authentication-Results header to the email, which includes the server's DKIM signature and the results of its authentication checks.
7 Jul 2023 - Authorea
Technical article
Documentation from DMARC.org explains that DMARC is designed to make forwarding difficult but ARC can mitigate DMARC failures from legitimate forwarding by preserving authentication results.
28 Dec 2024 - DMARC.org
Does DMARC improve email deliverability and should ESPs push senders to set it up?
How can DMARC reports be enriched with user-level data for better domain enforcement?
How do DMARC policies and RUA/RUF settings inherit or override each other between a domain and its subdomains?
How do email forwarding and DMARC policies affect email delivery and reporting?
How does ARC impact email deliverability for DMARC-enforced domains, and what are the best practices for marketers?
What is the best practice for setting up DMARC for Shopify users?
