Google includes ARC in its 2024 email sending guide

mdabuhasan · Post by **mdabuhasan** » Tue Apr 22, 2025 8:52 am

1. Introduction
In case you missed this important point in the hustle and bustle, ARC or Certified Receiving Chain will become part of the latest requirements from February 2024.
2. What is ARC
ARC ensures the security of email authentication information buy bulk sms service as it passes through multiple servers, thus acting as an extra layer of protection.
3. SPF and DKIM Email Authentication Protocol
SPF validates emails against a list of authorized IP addresses. During email relaying, emails go through an intermediate server whose IP address may not be on the sender's SPF list. This can cause unnecessary SPF failures even for legitimate emails.
DKIM adds a digital signature to your emails, encrypted using a public key, to verify the origin and authenticity of the message. To do this, DKIM uses a hash value generated using the email headers and body. However, during email forwarding, additional elements such as custom footers or extended subject lines may be added to the email, thus defeating DKIM.

4. How ARC makes up for the shortcomings of SPF and DKIM
During the email forwarding process, email headers and message content are altered, causing the email to fail SPF and DKIM verification. When the forwarding MTA applies ARC to the message, three additional ARC headers are applied to the message along with the SPF and DKIM verification data of the original message. The three new headers are as follows: 1. **arc-authentication-results**: This is a new header that contains information about the verification results of the message. 2. **arc-message-signature**: This is a new header that contains the digital signature of the message. 3. **arc-protection**: This is a new header that contains protection information about the message.
During the DMARC check, the protocol takes into account the ARC headers, which refer to the authentication information of the original message to verify the legitimacy of the message - covering any changes made by intermediate servers. If the forwarded message is legitimate, DMARC passes.

5. Advantages of ARC
ARC can make up for the shortcomings of SPF and DKIM by preserving the authentication header information of the original message, even though the message will pass through an intermediary server. This helps Google senders must implement ARC if the following situations occur: 1. Google explained that they chose to include ARC as part of their latest sender guidelines because the ARC header can identify messages as "forwarded" rather than unauthorized messages, and identify the original forwarding address or domain. 2. On top of ARC, it details various other measures that general and bulk email senders need to implement by February 2024 to comply with the latest regulations, thereby responsibly ensuring that Gmail users' inboxes are not occupied by spam.
How SecurityGateway Helps You Comply
SecurityGateway helps enterprises achieve compliance by easily implementing DMARC, SPF, DKIM, and ARC to comply with Google and Yahoo's sender guidelines!