Authenticated Received Chain
The Authenticated Received Chain (ARC) is an email authentication protocol developed by the Internet Engineering Task Force (IETF) to establish an authenticated "chain of custody" for messages as they pass through intermediate handlers, such as mailing lists or forwarding services, thereby preserving and verifying prior authentication assessments to mitigate failures in established mechanisms like SPF, DKIM, and DMARC.[1] Published as RFC 8617 in July 2019, ARC enables Internet Mail Handlers to attach cryptographic assertions of message authentication results directly to the email, ensuring that modifications by legitimate intermediaries do not break the overall authentication chain.[1] ARC addresses a key limitation in email authentication ecosystems: when messages are altered or forwarded by third-party services—such as security scanners, mailing list managers, or gateways—these changes can invalidate SPF (Sender Policy Framework) alignments, DKIM (DomainKeys Identified Mail) signatures, or DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies, leading to false positives in spam detection or delivery rejections.[1] By contrast, ARC creates an ordered set of handling results, allowing each handler to contribute evidence of its authentication assessment without disrupting the message's integrity.[1] This protocol complements rather than replaces SPF, DKIM, and DMARC; it specifically supports DMARC by providing data for policy decisions and reporting, such as overriding a "reject" policy if the chain validates successfully.[1] At its core, ARC operates through three specialized header fields added in sequential "ARC Sets": the ARC-Authentication-Results (AAR) field records the handler's authentication findings, the ARC-Message-Signature (AMS) field applies a DKIM-like signature to protect the message body and prior headers from tampering, and the ARC-Seal (AS) field cryptographically seals the entire chain to detect alterations in the ARC Sets themselves.[1] When validating a message, a receiving system processes these sets in reverse order (from newest to oldest), verifying signatures and seals to determine an overall status of "pass," "fail," or "none," with a maximum of 50 sets permitted to prevent header bloat.[1] ARC-Sealers (entities adding sets) and ARC-Validators (entities checking them) must be explicitly configured and trusted, often via DNS records, to ensure secure deployment across email infrastructures.[1] Notable for its experimental status at publication, ARC has gained adoption among major email providers to enhance deliverability for forwarded or list-based communications, reducing the incidence of authentication-related bounces while maintaining robust anti-phishing protections.[1] It introduces specific SMTP status codes, such as 5.7.29 for ARC validation failures, to facilitate troubleshooting and error reporting in mail transfer agents.[1] Overall, ARC represents a targeted evolution in email security, focusing on intermediary trust without requiring wholesale changes to existing authentication standards.[1]History and Development
Origins and Motivation
During the 2010s, email authentication protocols evolved significantly in response to escalating concerns over spam and phishing attacks, which had become pervasive threats to email security. The Sender Policy Framework (SPF), proposed in 2003 and published as RFC 4408 in 2006, and DomainKeys Identified Mail (DKIM), published in 2007, provided foundational mechanisms for verifying sender identities and message integrity, but their limitations in combating sophisticated spoofing prompted the development of Domain-based Message Authentication, Reporting, and Conformance (DMARC) in 2012. DMARC, formalized in RFC 7489 in March 2015, built upon SPF and DKIM by enabling domain owners to specify handling policies for authentication failures and receive reports on email activity, addressing the rising incidence of phishing that affected billions of messages annually. Major email providers accelerated DMARC adoption; for example, Yahoo announced a stricter p=reject policy in October 2015, while Google planned to implement it in June 2016 to enhance user protection against fraudulent emails.[2] A critical challenge emerged with email forwarding, where intermediate servers—such as those operated by mailing lists, third-party forwarders, or security gateways—often modified the message envelope or headers to facilitate relay. These modifications invalidated SPF checks, as the forwarding server's IP address replaced the original sender's, breaking DMARC's alignment requirements between the From header domain and the authenticating domains. Consequently, legitimately forwarded emails, including those from subscribed mailing lists or automated notifications, frequently failed DMARC validation at the final recipient, risking rejection or quarantine despite passing initial authentication. This issue was particularly acute for high-volume intermediaries, where unaltered forwarding was impractical due to technical and privacy constraints.[3] The primary motivation for developing ARC was to preserve the original authentication chain for messages handled by legitimate intermediaries, ensuring that DMARC policies did not inadvertently block valid forwarded content while maintaining defenses against abuse. By allowing trusted handlers to attest to their role without altering core message identifiers, ARC aimed to restore visibility into prior authentication results, such as SPF, DKIM, and DMARC outcomes from the originating server. This approach supported ecosystems reliant on forwarding, like collaborative mailing lists and enterprise gateways, without compromising the security gains from stricter DMARC enforcement.[3][4] Early proposals for ARC emerged from discussions within the DMARC community, with the protocol first publicly announced by DMARC.org in October 2015 to address these forwarding-induced failures. Initial drafts, such as draft-andersen-arc-00, were circulated on IETF mailing lists starting in late 2015, highlighting the need for a chain-of-custody mechanism. In June 2016, ARC became an official work item of the IETF DMARC Working Group, with contributions from organizations including Google, which provided technical input through participants like Brandon Long, and Yahoo, which engaged in parallel DMARC enhancement efforts that underscored the forwarding problem. These discussions, documented in the IETF datatracker, focused on cryptographic attestation methods to enable verifiable intermediary actions.[5][6]Standardization Process
The development of the Authenticated Received Chain (ARC) protocol originated with an initial individual Internet-Draft submission, draft-andersen-arc-00, published on October 16, 2015, and authored primarily by Kurt Andersen to address email authentication challenges in forwarding scenarios.[7] This draft laid the foundational concepts and was later revised through versions up to -05 by May 23, 2016. In June 2016, the IETF DMARC Working Group formally adopted the proposal as a work item, renumbering it as draft-ietf-dmarc-arc-protocol-00 on June 25, 2016, with expanded authorship including Seth Blank, Murray Kucherawy as editor, Brandon Long, and Andersen.[8] The working group, focused on enhancing Domain-based Message Authentication, Reporting, and Conformance (DMARC), coordinated the effort to integrate ARC as a complementary mechanism for preserving authentication across intermediaries. From 2016 to 2018, the draft iterated rapidly through 24 versions (from -00 to -23), incorporating feedback on cryptographic signing, header structures, and validation processes, with key revisions addressing security considerations and interoperability.[8] Key milestones in the standardization process included the initiation of the Working Group Last Call on July 17, 2018, which concluded on August 3, 2018, allowing for community review and revisions to version 16.[8] Following this, the document advanced to the Internet Engineering Steering Group (IESG) for evaluation, with an IESG last call announced on October 23, 2018, ending November 6, 2018, during which versions 17 through 21 were released to resolve ballot comments and technical issues.[8] The IESG approved the final version 23 on December 19, 2018, placing it in the RFC Editor's queue.[8] After editorial reviews and author authentication stages from April to July 2019, the protocol was published as RFC 8617 on July 9, 2019, designated as an Experimental RFC with 35 pages, authored by Murray Kucherawy, Brandon Long, Kurt Andersen, and Seth Blank, reflecting contributions from the DMARC Working Group chairs and broader IETF community.[9][10] This three-year process from working group adoption to publication emphasized consensus-building and rigorous peer review within the IETF framework. Since its publication, RFC 8617 has received post-RFC updates through the IETF errata system to clarify ambiguities. Notable errata include ID 7910, reported on April 26, 2024, which addresses formatting inconsistencies in ARC header fields such as arc-ams-info and arc-message-signature by replacing CFWS with FWS, directly impacting the handling of instance tags that group headers within an ARC set.[11] Another erratum, ID 8357 from March 30, 2025, provides clarification on referencing SMTP standards for validation failure reporting in Section 5.2.2.[12] These updates ensure ongoing accuracy without altering the core protocol specification.Technical Background
Email Authentication Challenges
Email authentication faces significant challenges due to the decentralized nature of the Simple Mail Transfer Protocol (SMTP), which allows intermediaries like forwarders and mailing lists to modify messages in ways that disrupt validation mechanisms. The Sender Policy Framework (SPF) is a domain-based protocol that enables domain owners to specify authorized IP addresses or hostnames in DNS TXT records to send email on their behalf, thereby preventing unauthorized use of the domain in the envelope sender address.[13] However, SPF validation fails when messages are forwarded, as the forwarding server's IP address does not match the original domain's authorized list, leading to mismatches even for legitimate emails.[14] DomainKeys Identified Mail (DKIM) addresses integrity and origin by attaching a cryptographic signature to the email headers and body, generated using a private key and verifiable against a public key published in the sender's DNS.[15] This signature ensures the message has not been altered in transit, but intermediaries such as mailing lists often modify headers (e.g., adding list identifiers) or the body, invalidating the signature and causing DKIM failures.[16] Domain-based Message Authentication, Reporting, and Conformance (DMARC) builds on SPF and DKIM by allowing domain owners to publish policies in DNS that dictate actions (e.g., quarantine or reject) for messages failing authentication, while requiring alignment between the domain in the From header and the authenticating identities from SPF or DKIM.[17] Strict alignment modes exacerbate forwarding issues, as changes in the envelope sender or header modifications break this match, resulting in DMARC policy enforcement against legitimate forwarded emails.[18] A significant portion of internet email involves indirect flows like forwarding through mailing lists or user agents, which commonly disrupt these protocols and contribute to false positives in spam filtering.[19] Analysis of DMARC reports from 2019 revealed that, on average, 55.1% of legitimate emails failed DMARC authentication (ranging from 37.0% to 86.8%), with false positives totaling around 119,405 emails per day across monitored domains, largely due to intermediary modifications in forwarded messages.[20] These failures not only increase the risk of legitimate emails being rejected or marked as spam but also complicate the balance between security and deliverability in email ecosystems.Relation to SPF, DKIM, and DMARC
The Authenticated Received Chain (ARC) protocol integrates with Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) by preserving the original authentication results from these mechanisms across email intermediaries, such as forwarders or mailing lists. Specifically, ARC employs chained Authentication-Results headers within its ARC-Authentication-Results (AAR) fields to capture and relay prior SPF and DKIM evaluations, ensuring that subsequent handlers can access the initial assessments without recomputing them. This preservation mechanism allows ARC to extend trust without altering the core validations performed by SPF, which checks the sending IP against domain records, or DKIM, which verifies cryptographic signatures on message content.[21] ARC enhances DMARC compatibility, particularly in forwarding scenarios where traditional DMARC policies like "reject" or "quarantine" often fail due to broken authentication chains. By maintaining a verifiable sequence of ARC-Seals—cryptographic attestations over the chain—ARC enables DMARC evaluators to trust prior results, allowing messages to pass even under "none" or "quarantine" policies if the chain remains intact. This addresses a key limitation in DMARC, which relies on aligned SPF or DKIM results at the final receiver but does not inherently account for legitimate intermediaries.[21] In terms of scope, ARC differs from SPF, DKIM, and DMARC by emphasizing intermediary trust chains rather than initial sender validation; SPF and DKIM focus on the originating domain's authorization and integrity, while DMARC aggregates those for policy enforcement, but ARC specifically attests to the handling sequence post-origin to prevent spoofing in forwarded paths. Furthermore, ARC-Seals contribute to reporting enhancements by providing DMARC aggregate reports with details on chain validation status and intermediary domains, improving visibility into forwarding paths and aiding domain owners in monitoring authentication propagation.[21]Protocol Components
ARC Headers
The Authenticated Received Chain (ARC) protocol introduces three specialized email headers to maintain a verifiable record of authentication across message hops: ARC-Authentication-Results, ARC-Message-Signature, and ARC-Seal. These headers form an "ARC Set" for each participating hop, enabling intermediate servers to attest to prior authentication states without altering the original message's cryptographic integrity.[1] The ARC-Authentication-Results header records the results of SPF, DKIM, and DMARC authentications performed at a specific hop. It follows a structured syntax ofi=<instance>; <authres-payload>, where the instance tag identifies the hop number, and the authres-payload details the authentication outcomes, such as pass/fail statuses for each mechanism using Authentication-Results syntax, ensuring that subsequent hops can review the chain's historical assessments. Only one AAR is permitted per ARC Set.[1]
The ARC-Message-Signature header provides a per-hop cryptographic signature analogous to DKIM, attesting to the message body and all preceding ARC headers up to that point. It requires key tags including b= for the digital signature value and bh= for the hash of the canonicalized body, along with the instance tag to link it to the corresponding ARC-Authentication-Results. This signature excludes the current and future ARC headers from its scope, preserving the ability for later hops to add their own attestations without invalidating prior ones. The signatures typically employ algorithms like RSA-SHA256 for robustness.[1]
The ARC-Seal header is added by each ARC Sealer to validate the chain up to the current hop, serving as the validation of the entire ARC chain at that point. It cryptographically signs the sequence of all ARC-Authentication-Results, ARC-Message-Signature, and prior ARC-Seal headers up to and including the current instance, incorporating the instance numbers and a cv= tag indicating the chain validation status (none, fail, or pass). This header does not cover the message body, focusing solely on ensuring the integrity and continuity of the authentication records across hops.[1]
Header ordering and instance numbering are critical to ARC's chronological integrity, with each ARC Set assigned a sequential instance tag starting from i=1 at the first participating hop and incrementing (e.g., i=2, i=3) for each subsequent one, up to a maximum of 50. Within a message, ARC headers from different sets must appear in reverse chronological order—newest on top—to facilitate verification, while the instance numbers enforce a unbroken sequence that detects tampering or gaps in the chain.[1]
Cryptographic Elements
The Authenticated Received Chain (ARC) protocol relies on digital signatures to establish a verifiable chain of custody for email messages handled by multiple intermediaries. The signing algorithm for both the ARC-Message-Signature and ARC-Seal is RSA-SHA256, which combines the RSA public-key cryptosystem with the SHA-256 hash function to produce signatures that ensure authenticity and integrity.[1] This choice aligns with the DomainKeys Identified Mail (DKIM) standard, providing robust protection against tampering.[1] Key management in ARC leverages the established DKIM infrastructure, where domains publish public keys via DNS TXT records tied to specific selectors. These records contain the public key material, hashing algorithm, and service type (e.g., "a=rsa-sha256; h=sha256; p=Operational Mechanics
Signing Process
The signing process in the Authenticated Received Chain (ARC) protocol enables an intermediate mail server, acting as an ARC sealer, to authenticate and preserve the email's authentication status across forwarding hops without breaking existing signatures. Before initiating the signing procedure, the intermediate server must first validate the incoming message's SPF, DKIM, and DMARC results to assess its authenticity as received.[1] The server then determines whether to participate as an ARC sealer, typically if it supports ARC and the message warrants forwarding with preserved authentication—such as in mailing lists or gateways—while ensuring all message modifications, like adding any new DKIM signatures, are completed prior to sealing.[1] Additionally, if an existing ARC chain is present and its chain validation status is "fail" as indicated in the latest ARC-Seal header, the server halts the sealing process to avoid propagating invalid chains.[1] The process begins with calculating the ARC instance number, denoted as "i=N", where N is 1 if no prior ARC headers exist on the message, or the highest existing instance value plus one (capped at 50 to prevent excessive chain length).[1] In Step 1, the server generates the ARC-Authentication-Results header (AAR), which records the authentication outcomes—such as SPF, DKIM, and DMARC results—performed on the incoming message at this hop, including the instance tag "i=N" and the server's domain identifier.[1] This header captures the current hop's view of the message's authenticity without referencing prior ARC data.[1] In Step 2, the server creates the ARC-Message-Signature header (AMS), a DKIM-like signature that attests to the integrity of the message body and non-ARC headers as received, excluding all ARC headers to ensure independence from chain-specific additions.[1] The AMS includes the instance tag "i=N" and is computed by hashing the message body (using SHA-256) and selected headers listed in its "h=" field, then signing the result with the server's private key, typically via RSA-SHA256 with relaxed canonicalization.[1] This step effectively "freezes" the message content for this hop, allowing subsequent verifiers to confirm no unauthorized changes occurred before this point, while prior ARC headers remain part of the message but are not covered by the AMS signature itself.[1] The cryptographic algorithms employed mirror those in DKIM, ensuring compatibility and security.[1] Following the AMS generation, in Step 3, the server appends the three ARC headers in strict order—first the AAR, then the AMS, and finally the ARC-Seal header (AS)—all tagged with "i=N", directly to the message's header section without modifying any existing content, including the original body or prior headers.[1] The AS provides the chain linkage by signing a sequence of all previous AAR and AMS headers (from instances 1 to N-1), followed by the current AAR and AMS, using a similar DKIM-style signature to bind the chain and include the chain validation status (cv=pass, fail, or none) based on the incoming message's assessment.[1] If the signing process encounters errors, such as failure to generate a valid signature due to key issues or computational limits, the intermediate server falls back to forwarding the message without adding any new ARC headers, preserving the original content but forgoing additional authentication chaining.[1] This error handling ensures reliable delivery while minimizing security risks from incomplete or invalid seals.[1]Verification Process
The verification process for an Authenticated Received Chain (ARC) begins at the final receiving server, which first collects all ARC sets attached to the email message. If no ARC sets are present, the chain validation status is set to "none," and no further ARC-specific checks are performed. The server then verifies the ARC-Seal header from the highest instance (i=N), ensuring it cryptographically covers all preceding ARC-Message-Signature (AMS) and ARC-Authentication-Results (AAR) headers in sequence, using the same validation rules as DomainKeys Identified Mail (DKIM).[1] This initial check confirms the integrity of the chain's structure and prevents tampering with the sequence of authentication records. Following the initial seal validation, the server traverses the ARC chain in reverse order, starting from the most recent instance. For each instance i from N down to 1, the server validates the corresponding AMS header against the message body and all headers added prior to that instance's signing, again applying DKIM verification procedures.[1] If the AMS validates, the server then examines the associated AAR header to assess the original authentication results (such as SPF, DKIM, or DMARC outcomes) reported by the signing entity at that hop. The instance numbers must form a continuous sequence from 1 to N without gaps or duplicates, and the chain validation (cv) value in the ARC-Seal for the highest instance must be "none" for i=1 or "pass" for i>1; any "fail" in the highest instance's ARC-Seal immediately results in a chain status of "fail."[1] To ensure compliance with Domain-based Message Authentication, Reporting, and Conformance (DMARC), the verification process includes alignment checks across the chain, where the domain in each AMS must align with the domains in the preserved AAR authentication results, using either relaxed or simple canonicalization methods as specified in the signatures.[1] This alignment preserves the original sender's DMARC policy applicability through intermediaries, allowing the final receiver to evaluate the message as if it had arrived directly from the origin. Header instance ordering is strictly sequential, with each set inserted before the prior ones to maintain the chain's logical flow.[1] If the entire chain validates successfully—including all AMS signatures, AAR contents, and the final ARC-Seal—the overall ARC status is "pass," and the message may be accepted based on the cumulative authentication results.[1] Conversely, any failure in the traversal or seal verification sets the status to "fail," prompting the server to reject, quarantine, or apply other handling actions as per local policy, while logging the results in a new Authentication-Results header for reporting and debugging purposes.[1] The maximum chain length is limited to 50 instances to prevent abuse, with excess sets resulting in a "fail" status.[1]Implementation and Use Cases
Deployment in Mail Servers
Server-side requirements for deploying ARC in mail servers include compatible software that supports ARC signing and verification as an intermediary or final recipient. For open-source setups, Postfix can integrate ARC using the OpenARC milter, an open-source implementation that extends DKIM functionality to handle ARC headers and signatures.[22] OpenARC requires OpenDKIM for underlying cryptographic operations and is configured as a milter in Postfix'smain.cf file. For proprietary environments, Microsoft Exchange Online with Defender for Office 365 supports ARC natively, allowing administrators to designate trusted sealers without custom milters.[23]
Configuration steps begin with publishing ARC selectors in DNS to enable verification of signatures. ARC uses DKIM-style selectors, where public keys for ARC-Seal and ARC-Message-Signature are stored as TXT records in the DNS subdomain, such as selector._domainkey.example.com, following the format specified in RFC 8617.[1] Next, enable ARC sealing in MTA settings by configuring the milter chain in Postfix; for example, add smtpd_milters = inet:localhost:8891 inet:localhost:10225 to invoke OpenDMARC and OpenARC sequentially after OpenDKIM.[24] Thresholds for participation can be set via policy files, such as in OpenARC's policy configuration, to seal only messages meeting certain authentication criteria like passing DMARC.[22]
Verifier setup involves integrating ARC checks into spam filters and DMARC evaluators to assess chain validity upon receipt. SpamAssassin supports native ARC evaluation through its parsing methods, allowing custom rules in local.cf to score messages based on ARC status.[25] OpenDMARC processes ARC headers and, in versions supporting ARC (e.g., 1.4.0+), can use ARC pass results in conjunction with policy to influence DMARC evaluation outcomes.[26] In Microsoft Defender for Office 365, verification occurs automatically for trusted sealers configured via the admin portal.[23]
Monitoring tools for ARC deployment leverage ARC-aware reporting to track aggregate data on chain success rates. Administrators can analyze DMARC aggregate reports (rua=) from receivers, which may include ARC status to quantify successful chains versus breaks in forwarded messages.[27] Tools like the Microsoft Message Header Analyzer parse headers to report ARC pass/fail rates, helping identify deployment issues.[23] This relates briefly to DMARC policies, where successful ARC chains can inform adjustments to p=reject thresholds for forwarded traffic.[1]