When you look at the source of an email, you might come across a long string of technical headers. One of these, the ARC-Message-Signature, is part of a system called Authenticated Received Chain (ARC). ARC helps preserve email authentication results like SPF and DKIM, especially when an email is forwarded through intermediaries like mailing lists.
The bh= tag within this signature is a critical component. It stands for "body hash". Put simply, it's a cryptographic hash (a unique fingerprint) of the email's body content. Its purpose is to verify that the body of the message hasn't been tampered with or altered since the signature was applied. This tag functions almost identically to the bh= tag found in a standard DKIM signature, which ARC is built upon.
How the body hash fits into ARC
ARC is designed to create a chain of custody for an email as it moves from the sender to the final recipient, passing through various systems (known as mediators) along the way. Each mediator in the chain adds its own set of ARC headers to vouch for the authentication results it observed.
The ARC-Message-Signature, which includes the bh= tag, is central to this process. Here is how it works:
- Original message: A sender sends an email with a valid DKIM signature. This signature includes a bh= tag that hashes the original message body.
- Forwarding system: A mailing list receives the email. It might add a footer to the message body, which would normally break the original DKIM signature. Before forwarding, the mailing list verifies the original signature.
- ARC signature added: The mailing list then adds its own ARC-Message-Signature. This new signature calculates a new body hash (a new bh= value) based on the modified body content (with the footer). It also signs other headers.
- Chain of trust: When the final recipient's server gets the email, it sees a broken DKIM signature. However, it also sees the ARC chain. It can verify the mailing list's ARC-Message-Signature and trust that, while the body was modified, it was done by a legitimate mediator that validated the original sender.
A common point of confusion: `ARC-Seal`
It's important not to confuse the ARC-Message-Signature with another header called the ARC-Seal. They have very different jobs. The ARC-Message-Signature signs the message headers and body, which is why it needs the bh= tag.
In contrast, the ARC-Seal signs the previous ARC headers themselves (the ARC-Message-Signature and ARC-Authentication-Results headers for a given instance). Its job is to prevent those headers from being tampered with. Since it doesn't cover the body of the message, it does not contain a bh= tag.
Breaking down the `ARC-Message-Signature`
Besides the body hash, the ARC-Message-Signature contains several other important tags, many of which will look familiar if you've ever inspected a DKIM signature.
- i=: The ARC instance. This is a number indicating the position of this signature in the forwarding chain. The first mediator uses i=1, the second uses i=2, and so on. As van der Linden explains, this number is key to validating the entire chain in order.
- a=: The algorithm used to create the signature, such as rsa-sha256.
- b=: The signature data itself, encoded in base64.
- bh=: The body hash we've been discussing, proving the integrity of the message body at this stage of its journey.
- d= and s=: The domain and selector used to retrieve the public key for verification via DNS.
- h=: The list of header fields that were included in the signature calculation, in addition to the body.
Why it all matters
In summary, the bh= tag is a non-negotiable part of the ARC-Message-Signature. It acts as a cryptographic seal on the email body, providing a way for each handler in a forwarding chain to attest to the state of the content as they saw it. Without it, the entire purpose of signing the message would be undermined, as there would be no guarantee that the content you're reading is the same content that was originally authenticated. It's a key piece of the puzzle that helps build trust in a world of complex email routing.
