How does ARC relate to DMARC alignment?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Here's the key thing: ARC doesn't change how DMARC works. DMARC alignment still gets evaluated the same way. But when forwarding breaks your SPF or DKIM alignment, ARC steps in as a trusted witness.
Imagine you've set DMARC to p=reject (which is strong protection). A mailing list forwards your email to a subscriber. The list changes the envelope sender to its own domain, so SPF alignment fails. DMARC looks at that failure and your policy says reject this message.
Here's where ARC helps. The mailing list (acting as a trusted intermediary) seals the original authentication results. It's basically saying "I forwarded this, and before I touched it, the original domain's SPF and DKIM passed." The receiving mail server can trust that ARC seal because it knows the mailing list is reputable. So instead of bouncing the message, the server honors the original authentication.
ARC is an additional signal, not a workaround. It doesn't fix DMARC alignment itself. It just gives receivers permission to trust the message despite an alignment failure, because they trust the ARC signer.
Want to make sure your DMARC and ARC setup is working together properly? Start by understanding your DMARC policy, then dive into how ARC sealing works to optimize your forwarding setup.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.