Authenticated Received Chain (ARC) is an email authentication protocol that lets intermediate mail servers digitally sign a message's authentication results. It provides an authenticated "chain of custody" for a message, allowing each server that handles the message to see what previous servers handled it and whether or not it was authenticated at each step. When a downstream mail server does DMARC verification and finds that SPF or DKIM have failed (due to forwarding or mailing list modifications, for example), it can look for ARC results from a trusted server and use them to decide whether to accept the message.
For more information on the ARC protocol, see: RFC 8617: The Authenticated Received Chain (ARC) Protocol.
ARC Verification
Enable ARC verification
Check this box to enabled ARC verification.
Trusted ARC Sealers
Trusted ARC Sealers are the domains whose ARC results you trust. ARC results from non-trusted domains are ignored when doing DMARC verification.
ARC Signing
Sign eligible outbound messages using ARC
Forwarded messages, mailing list messages, and gateway messages with authentication results are eligible for ARC signing. ARC signing needs a designated selector and signing domain below.
Default selector
Use this option to choose the default selector to use for ARC signing. You can use the same selector that you use for DKIM signing, or create a new one.
Default signing domain
Choose the default domain for ARC signing.
Advanced
If you host multiple domains and want to use a different selector or signing domain for any of them, click Advanced to configure that.
