ARC (Authenticated Received Chain) is an email authentication protocol that helps address situations where DMARC would fail due to indirect mail flows. Indirect mail flows refer to mail flows in which the initial receiver of the message is not the final receiver and acts as an intermediary, such as mailing lists or message forwarding services.


ARC is designed to allow the Authentication-Results header (which describes the result of the messages) to be passed on to the next "hop" in the line of the message's delivery. When a receiver validates the results of an incoming message and sees the DMARC results failing, they will try to validate the provided ARC chain. When this proves valid, they can extract the Authentication-Results of the initial hop.


ARC provides intermediaries the ability to add content to the message and forward it with a new and correct DKIM signature, provided they forward the message correctly. This also provides data to reputation systems on the intermediaries handling the messages.


ARC can help by allowing the Authentication-Results header, which describes the result of a message's authentication checks, to be passed on to the next hop in the line of the message's delivery. This enables the results of the original message's authentication checks to be preserved and validated by subsequent receivers in the delivery chain, even if the message passes through intermediaries (such as mailing lists or forwarding services) that might break the message's DKIM or SPF signatures.


By using the information provided by ARC, receivers can make more informed decisions about how to handle messages that fail DMARC checks due to breaks in DKIM or SPF signatures caused by intermediaries. Based on the reputation of the intermediaries involved in delivering the message, receivers may choose to override the DMARC policy and accept or deliver the message, rather than rejecting or quarantining it.