When an email is forwarded from one mailbox provider to another mailbox provider, minor changes may be made to the email, resulting in SPF, DKIM, and DMARC verification failures.
ARC (RFC 8617) is an email protocol that helps preserve email authentication results and verifies the identity of email intermediaries that forward a message on to its final destination.
There are three key components to ARC:
- ARC Authentication Results header: a header containing email authentication results like SPF, DKIM, and DMARC
- ARC Signature: a DKIM-like signature that takes a snapshot of the message header information, including the to, from, subject, and body
- ARC Seal: another DKIM-like signature that includes the ARC Signature and the ARC Authentication Results header information