"dara" is a proposed extension to DKIM that allows the original sender of an email to delegate the authority to sign the forwarded or modified messages to a trusted third party, such as a mailing list manager or a forwarding service.
DKIM (DomainKeys Identified Mail) is a method of email authentication that allows the receiver to verify that the email was sent by an authorized sender and that the message has not been tampered with in transit. DKIM uses cryptographic signatures to attach a domain name to an email message, which can be validated by the receiver using the public key published by the sender in their DNS records.
"dara" is an acronym for "DKIM Authorized Responders for Authentication". It is a proposed extension to DKIM that aims to address the problem of email forwarding and mailing lists, which can break the original DKIM signatures. "dara" allows the original sender to delegate the authority to sign the forwarded or modified messages to a trusted third party, such as a mailing list manager or a forwarding service. The third party can then add a new DKIM signature with their own domain name, while preserving the original sender's identity and reputation.
"dara" is still a draft specification and has not been widely adopted by the email industry. However, it offers a potential solution to improve the reliability and security of email authentication, especially for scenarios where the email content or headers may change in transit. The draft specification for dara can be found undefined.
What are the benefits of dara?
Some of the benefits of dara are:
- It preserves the original sender's reputation and accountability, even if the email is forwarded or modified by a third party.
- It reduces the risk of false positives in spam filtering, as the receiver can verify both the original and the delegated signatures.
- It enhances the transparency and traceability of email delivery, as the receiver can see who modified the email and under what authority.
- It supports the use of mailing lists and forwarding services, which are common and legitimate practices in email communication.
What are the limitations of dara?
Some of the limitations of dara are:
- It requires the cooperation and trust of the third parties who modify the email, as they need to follow the dara protocol and respect the original sender's delegation.
- It increases the complexity and overhead of email authentication, as the receiver needs to check multiple signatures and DNS records.
- It may not be compatible with some existing email standards and practices, such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC).
- It may not prevent some forms of email abuse, such as phishing or spoofing, as the original sender may not have control over the content or appearance of the modified email.
Some examples of dara
Here are some hypothetical examples of how dara could be used in different email scenarios:
- A company sends a newsletter to its customers using a mailing list service. The company authorizes the mailing list service to sign the messages with dara, so that the customers can verify that the newsletter is from the company and not from a spammer.
- A user forwards an email from their personal account to their work account using a forwarding service. The user authorizes the forwarding service to sign the messages with dara, so that their work account can verify that the email is from the user and not from an impostor.
- A researcher sends a paper to a journal editor using an email client that modifies the message headers. The researcher authorizes the email client to sign the messages with dara, so that the journal editor can verify that the paper is from the researcher and not from a plagiarist.
Need Help?
support@sendmarc.com is standing by to assist!