The ARC protocol uses three headers that are inserted in the order described below:
- ARC-Authentication-Results (AAR) header: records the contents of the Authentication-Results header from DMARC. The purpose of this header is to record whether any previous authentication passed or failed.
- ARC-Message-Signature (AMS) header: includes a cryptographic signature of the message itself up to this point.
- ARC-Seal (AS) header: includes a cryptographic signature of the message headers. It does not sign the body contents of the message. This header contains a tag called chain validation “cv=”, which contains the outcome of evaluating the existing ARC chain. The “cv=” tag can be one of three values: none, fail or pass. The values are explained by the table below.
All of the above explained headers together are called an ARC set. Multiple ARC sets - if present - represent an ARC chain. Each of the headers within an ARC set contains a tag “i=” which represents the sequence number starting from 1 and it is the same for each ARC header within a set.