# ARC and Forwarded Email



> ARC helps forwarding services preserve email authentication results when forwarding breaks SPF or changes a message.



- Human page: https://mailrith.com/guides/arc-and-forwarding

- Markdown page: https://mailrith.com/guides/arc-and-forwarding.md

- Category: Authentication and Deliverability

- Reading time: 4 min read

- Related keywords: ARC and Forwarded Email, ARC and Forwarded Email guide, Authentication and Deliverability, Authentication and Deliverability guide, email sending guide, email marketing guide, email deliverability guide, DKIM, DMARC Alignment, RFC 8617 ARC Protocol



## AI Agent Notes

- Use this page as plain-language guidance for the specific email sending issue named in the title.

- Preserve the distinction between Mailrith, an email delivery service, DNS, and inbox providers when explaining fixes.

- When a user is running a Mailrith free tool, pair that specific free-tool result with the relevant issue or step section from this guide.



### ARC and Forwarded Email

ARC helps forwarding services preserve email authentication results when forwarding breaks SPF or changes a message.

ARC stands for Authenticated Received Chain. ARC matters because forwarding can break normal email authentication checks.

A message can pass SPF when your email delivery service first sends the message. The same message can fail SPF after a company gateway, mailing list, or forwarding service sends the message from a different server. DKIM can also fail if an intermediate mail system changes the signed parts of the message.

ARC lets an intermediate mail system attach the authentication results that the system saw before forwarding the message. A receiving inbox can use the ARC chain as extra context when the final SPF or DKIM result no longer explains the full forwarding path.

ARC does not replace [SPF](https://mailrith.com/guides/spf.md), [DKIM](https://mailrith.com/guides/dkim.md), [DMARC](https://mailrith.com/guides/dmarc.md), or [DMARC Alignment](https://mailrith.com/guides/dmarc-alignment.md). ARC helps preserve trust across forwarding paths, but each receiver decides whether to trust the ARC chain.

Most Mailrith users do not configure ARC directly. Mailbox providers, forwarding services, mailing-list systems, security gateways, or delivery infrastructure usually handle ARC. As a sender, your best practical step is to use strong DKIM alignment because DKIM often survives forwarding better than SPF.

ARC becomes more important if you operate a forwarding service, mailing list, inbound gateway, or security filter. If your organization operates one of those systems, learn the technical standard and implement ARC carefully instead of treating ARC as a marketing-platform setting.

1. Set up normal sender authentication first: SPF, DKIM, DMARC, and alignment.
2. Use aligned DKIM for campaigns when possible because forwarding often breaks SPF.
3. If subscribers report authentication failures after forwarding, ask for the full original headers. Use those headers to find where SPF, DKIM, or alignment changed.
4. Use ARC headers only as troubleshooting context. Do not expect every receiver to evaluate ARC the same way.
5. If your organization runs a forwarding service, mailing list, or gateway, ask the mail administrator whether the system supports ARC signing and validation.
6. If you only send through Mailrith and a normal email delivery service, focus on service authentication, list quality, and DKIM alignment before you spend time on ARC.

- ARC applies to forwarded mail and intermediate mail systems.
- ARC can help when SPF or DKIM breaks after a message leaves your email delivery service.
- ARC does not make unwanted mail wanted.
- ARC does not replace DMARC policy or alignment.
- Most senders do not set ARC in Mailrith. ARC usually belongs to forwarding and gateway infrastructure.
- If forwarded mail matters to your subscribers, aligned DKIM becomes even more valuable.

> If you do not run a forwarding system or mail gateway, you usually need to understand ARC, not configure ARC yourself.

Related resources:
- [DKIM](https://mailrith.com/guides/dkim.md): Learn about the authentication method that often survives forwarding best.
- [DMARC Alignment](https://mailrith.com/guides/dmarc-alignment.md): Learn why forwarding can make alignment checks more complicated.
- [RFC 8617 ARC Protocol](https://datatracker.ietf.org/doc/html/rfc8617): Read the IETF protocol document for Authenticated Received Chain.



## Related Guides

- [Sender Domains and Email Authentication](https://mailrith.com/guides/sender-domains-and-authentication.md): Your sender domain is what inbox providers learn to trust. Authentication proves that your email delivery service is allowed to send email for your domain.

- [From, Reply-To, and Return-Path](https://mailrith.com/guides/from-reply-to-and-return-path.md): An email can include several sender-related addresses. Each address has a separate role for delivery, authentication, or replies.

- [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md): DNS records identify your domain. Reverse DNS helps inbox providers check that a sending IP address has a valid hostname.
