RFC 8058 is an internet standard that defines ARC (Authenticated Received Chain), a mechanism designed to preserve email authentication results when an email is forwarded.

In simple terms, RFC 8058 helps prevent legitimate emails from being marked as spam when they pass through mailing lists, forwarding services, or security gateways.

 

 

 

 

 

 

 

 

Why RFC 8058 Exists

Email authentication methods like SPF, DKIM, and DMARC work very well when an email goes directly from sender to recipient.

However, problems arise when emails are forwarded. Forwarding can:

  • Change the sending server
  • Modify message headers
  • Cause SPF to fail
  • Break DMARC alignment

RFC 8058 was created to solve this problem by allowing each server that handles the message to record and cryptographically sign the authentication results.

What Is ARC (Authenticated Received Chain)?

ARC is the system defined by RFC 8058. It creates a chain of trust as an email travels across multiple servers.

Each server that supports ARC:

  • Checks SPF, DKIM, and DMARC
  • Records the results
  • Signs those results cryptographically
  • Passes them to the next server

The final receiving server can then decide whether to trust earlier authentication results, even if the message fails checks later due to forwarding.

How RFC 8058 Works (Simplified)

  1. The original sender sends an authenticated email.
  2. An intermediary server receives it and verifies SPF, DKIM, and DMARC.
  3. The intermediary signs the results using ARC headers.
  4. The message is forwarded to another server.
  5. The final recipient reviews the ARC chain to evaluate trust.

This allows legitimate forwarded emails to reach the inbox instead of being rejected or sent to spam.

ARC Headers Defined in RFC 8058

RFC 8058 defines three main ARC headers:

  • ARC-Seal – Cryptographically seals the ARC set
  • ARC-Message-Signature – Signs the message content
  • ARC-Authentication-Results – Records SPF, DKIM, and DMARC results

When Is RFC 8058 Especially Useful?

ARC is particularly important in scenarios such as:

  • Mailing lists
  • Email forwarding services
  • Corporate security gateways
  • Helpdesk and ticketing systems
  • Shared inboxes

RFC 8058 and Email Deliverability

By preserving authentication results, RFC 8058 plays an important role in improving email deliverability.

While ARC does not replace SPF, DKIM, or DMARC, it complements them and helps mailbox providers make more informed filtering decisions.

Does RFC 8058 Replace DMARC?

No. RFC 8058 does not replace DMARC.

Instead:

  • DMARC defines policy and enforcement
  • ARC preserves authentication results across forwarding

Together, they improve trust and reduce false positives in spam filtering.

RFC 8058 and Mailpro

Mailpro supports modern email authentication best practices and works seamlessly with:

Using proper authentication and deliverability tools helps ensure your emails remain trusted—even when forwarded.

Related Glossary Terms

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Mailpro and RFC 8058

One-click unsubscribe, added automatically

Mailpro injects the List-Unsubscribe and List-Unsubscribe-Post headers RFC 8058 requires — the Gmail and Yahoo 2024 bulk-sender mandate is met on every campaign without you setting it up.

Start free with MailproSee email authentication

Previous Article

   

Next Article

Unleash the Power of Professional Email Marketing

Secure, scalable, and built for impact. Join Mailpro™ today and enjoy 500 free credits to send your first campaign.
Start Sending for Free