ARC

Authenticated Received Chain (ARC) is an email authentication standard that lets legitimate forwarders (mailing lists, security gateways, mail-redirection services) preserve the original DMARC / DKIM authentication state through forwarding. Without ARC, a forwarded message that originally passed DMARC at the sender now fails because the forwarder isn't in the sender's SPF. With ARC, each forwarder adds an ARC-Authentication-Results and ARC-Seal header chain; the receiving server evaluates the chain and may accept the message based on the original (pre-forwarding) authentication. Microsoft 365 supports ARC validation; trusted ARC senders can be configured in the Defender portal to make ARC-aware policy decisions for specific known forwarders.