Free ARC Validator (Authenticated Received Chain)

Overview

ARC (Authenticated Received Chain) is an email authentication protocol that preserves authentication results when emails are legitimately modified by intermediaries like mailing lists, forwarders, or email security gateways. When emails are forwarded or modified, SPF and DKIM often break. ARC creates a chain of authentication results that trusted intermediaries can use to validate the original sender even after modifications.

How ARC Works

1. Original Email Sent: An authenticated email passes SPF and DKIM validation
2. First Intermediary Receives: A mailing list or forwarder validates SPF/DKIM and saves the results
3. ARC Headers Added: Three ARC headers are added (ARC-Seal, ARC-Message-Signature, ARC-Authentication-Results)
4. Email Modified: The intermediary modifies the email (adds footers, changes subject)
5. Email Forwarded: The modified email is sent to final recipients
6. Final Server Validates: The receiving server validates the ARC chain and trusts the original authentication

Why ARC Matters

• Mailing Lists: Preserves authentication when list software modifies subject lines or adds footers
• Email Forwarding: Maintains trust through legitimate forwarding services that would normally break SPF
• Security Gateways: Allows security tools to modify emails without losing authentication status
• DMARC Compatibility: Helps emails pass DMARC even when DKIM/SPF break during forwarding
• Improved Deliverability: Major providers like Gmail and Outlook use ARC to make better filtering decisions

ARC Header Components

When to Use ARC

• Operating a mailing list service (Mailman, Listserv, etc.)
• Running an email forwarding service
• Managing an email security gateway that modifies content
• Any email intermediary that legitimately alters messages