What problem does ARC solve?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Your email goes through a mailing list or a forwarding service. The service has to resend it from a different IP address and might modify the headers or content slightly. Now SPF fails because the IP isn't in your original domain's SPF record. DKIM fails because the message got modified. Legitimate mail dies in a DMARC failure, trapped in spam folders through no fault of the original sender. That's the forwarding problem, and it's more common than you'd think.

Companies using DMARC enforcement (p=quarantine or p=reject) run into this constantly. Mailing list operators hit it. Anyone using Gmail's email forwarding feature, a corporate gateway that scans mail, or a service like ARC aware forwarding can end up here. Without something to bridge the gap, the receiving mail server sees a failed DMARC check and has no reason to trust the message. To understand what's happening under the hood, review how DMARC alignment affects forwarded mail.

ARC fixes this by having each intermediary sign off on the authentication results it saw before it modified anything. The signature proves. this message checked out upstream. The receiving server can then trust the original authentication, override the DMARC failure, and deliver the legitimate mail to the inbox instead of spam. It's not a free pass. DMARC policy still matters. But it's the difference between having evidence of the original authentication and just seeing a broken chain.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Diagnose if forwarding is breaking your authentication.

I read this about ARC solving the forwarding problem: "Without something to bridge the gap, the receiving mail server sees a failed DMARC check and has no reason to trust the message. ARC fixes this by having each intermediary sign off on the authentication results it saw before it modified anything." Help me diagnose whether this is affecting MY email: 1. Are forwarded emails from my domain failing authentication? 2. How do I check if ARC is working for my forwarded mail? 3. What should I do if ARC isn't helping? 4. Do I need to update my DMARC policy to support ARC? --- My details (fill in what applies): - Email platform/ESP: e.g. Mailchimp, SendGrid, Postmark, HubSpot, custom SMTP - Do you use email forwarding?: yes/no - Which forwarding service?: Gmail forwarding, corporate gateway, mailing list, other - Current DMARC policy: none / quarantine / reject - Are you seeing forwarded emails fail?: yes/no - Have you checked ARC headers?: yes/no. What did they show?

Edit the yellow boxes, then send to the AI of your choice.