How ARC can keep forwarded emails out of spam

Zack Aab

3 minute read

Email is the original social channel, thanks to email forwarding. We’ll bet that the minute computer salesperson Gary Thuerk sent that famous email message to 400 prospects back in 1978, many of them forwarded it on to their friends. 

Forwarding messaging is one of the most popular email activities. By 2015, 1 in 21 commercial messages was being sent on to other recipients. For email marketers, it also expands your reach and exposure without any effort on your part.

Besides person-to-person forwarding, many email users also forward their messages automatically from one email service to another (from Gmail to Yahoo, for example) so they can read email from multiple email addresses in one inbox. 

But a forwarded email can actually end up in the spam folder instead of the inbox. It all has to do with email authentication, which verifies that the senders and messages are legitimate. If your emails are authenticated properly, messages that get forwarded have a better chance of hitting the inbox.

You’ll want to talk with your deliverability team to see if everything checks out with your email authentication. Below, we’ll/I’ll explain what’s happening and how you can make sure your forwarded messages don’t go to spam.

Email forwards can break authentication 

Many commercial email senders use authentication protocols like DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework) or DMARC (Domain-Based Message Authentication Reporting and Conformance) to prove to a receiving server that they are authorized to send messages and that they sent a specific email, not someone impersonating that legitimate sender.

Forwarding an authenticated message, however, can break that authentication. Also, if the original sender uses DMARC, forwarding can cause DMARC to fail and make the message look like a phishing attempt. 

When that happens, an email receiver like Gmail can either quarantine the forwarded email in the spam folder or reject it outright. In either case, your email never reaches its target.

One way to fix this problem is with a new standard called Authenticated Received Chain, which can preserve the original email’s authentication and assure the next receiver that the message is legitimate.

Right now, ARC is still in the development stage. But already, major ISPs like Google, AOL, and Microsoft are championing its use. As an email sender, you should know about ARC and its possibilities, which we explain next.

How ARC can keep email out of the spam folder

ARC is a cryptographic signature – a line of encryption that an email receiver inserts into an email header before it gets forwarded. When someone forwards an email with this signature, the receiving service can see it and authenticate both the original sender and the forwarding sender. 

This move makes it far more likely that the email forward will land in the recipient’s inbox, where it’s supposed to go, and not the spam folder.

ARC creates a signature of the original “authentication-results” component of an email’s headers with an encryption key that only the legitimate forwarder can use.   

(Need a quick refresher on DKIM, SPF and DMARC? This Trendline backgrounder, What Are DMARC, DKIM, and SPF?, explains these authentication terms and why it matters.)

With ARC, the magic happens when the signature is created after your original recipients receives your email message but before they forward it on to their family or friends. This is what it looks like in a deliverability scenario:


When is ARC actually used?


What Trendline recommends right now

ARC is different from authentication protocols like DKIM and SPF because the email receiver, like Gmail or AOL, is the one who decides whether to install the code in the email header. However, there is something you can do to increase your chances that your forwarded email will go to the inbox.

Talk with your deliverability team about how your emails are being authenticated right now to make sure you are taking every step possible to keep your emails out of the spam folder.

Some email teams refuse to use DMARC because they don’t want their forwarded emails to end up in spam. But ARC solves that problem and makes DMARC more usable. That improves your deliverability and protects your email domain from being spoofed by bad actors.

Call on Trendline for help. If you’re not a deliverability expert, this conversation can be tricky to navigate. But here at Trendline, our deliverability work with clients has given us a unique perspective on these authenticity discussions. We’d love to help you talk about this with your team – feel free to get in touch!

Trendline Interactive

Ready to send better messages?

About the Author(s)

Zack Aab

Before learning how to use email, Zack worked in computer repair, blacksmithing, video production, and knot-tying, but not all at once. Zack has his CIPP/US certification, is definitely not a lizard person, and likes normal human things like email and data privacy and basking on sunny rocks. Follow Zack on LinkedIn

Let's Take This to the Inbox

Sign up for our news, resources and updates. The inbox is our favorite place after all. We’ll make sure it’s worth it. (You can unsubscribe at any time, but you probably already knew that.)