Who should implement ARC — senders or receivers?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You're a sender. You've set up SPF, DKIM, and DMARC. Now someone asks if you need to implement ARC. The short answer. You don't. ARC isn't your job.
Here's who actually needs to do the work. Intermediaries are the ones that implement ARC. That's mailing lists, forwarding services, email gateways, and ESPs that relay your mail through multiple hops. When your email passes through them, they add ARC headers and sign them. They're the bridge between your original authentication and the final receiver.
Receivers handle the other side. ISPs like Gmail, Microsoft, and Yahoo verify ARC chains when they arrive. They decide whether to trust the ARC signer and override a DMARC failure based on that trust. This is where the real decision-making happens.
Why should you care if you're just a sender? Because when your DMARC policy is strict, it can break email from mailing lists and forwarding services that don't implement ARC. If you notice list subscribers aren't getting emails, it's often because the intermediary isn't signing with ARC. That's when you can ask them to enable it.
So check Check your forwarding setup to see if you're using intermediaries that support ARC. If they do, you're protected. If not, and you've got a reject DMARC policy, you might see delivery issues.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.