DARA: Enhance your email deliverability with Sendmarc
Sendmarc helps you implement DKIM Authorized Responders for Authentication (DARA) to ensure your emails remain trusted, even when forwarded or modified.
What is DARA?
DKIM Authorized Responders for Authentication (DARA) is a proposed extension to DKIM that allows the original sender of an email to delegate the authority to sign forwarded or modified messages to a trusted third party. This could include a mailing list manager or a forwarding service. DKIM itself protects emails from manipulation.
DARA builds on the foundation of DKIM. The framework authorizes third-party responders and plays an important role in authenticating email communications.
Consider the example of a mailing list:
When an email is sent to a list, it often gets modified by the list server; this could be due to adding a footer or altering headers. These changes can break DKIM authentication because the email no longer matches the original signature.
DARA solves this by allowing the mailing list server to act as an authorized responder, validating the modified email against the original domain’s authentication framework. This ensures that emails remain trustworthy even in scenarios where traditional DKIM would fail.
How does DARA work?
DARA is designed for both robustness and scalability.
Here is a step-by-step breakdown:
- Sender authentication: The sender’s server attaches a token to the email header alongside the DKIM signature. This token indicates the authorized responder responsible for validation.
- Responder validation: The recipient’s server queries the specified responder, which uses cryptographic verification to confirm the authenticity and integrity of the email.
- Enhanced logging: DARA-enabled systems log interactions, providing detailed insights into authentication processes and potential vulnerabilities.
What are the benefits of DARA?
Some of the benefits of DARA are:
- It preserves the original sender’s reputation, even if the email is forwarded or modified by a third party.
- It reduces the risk of false positives in spam filtering, as the receiver can verify both the original and the delegated signatures.
- It enhances the transparency and traceability of email delivery, as the receiver can see who modified the email and under what authority.
- It supports the use of mailing lists and forwarding services, which are common and legitimate practices in email communication.
What are the limitations of DARA?
Some of the limitations of DARA are:
- It requires the cooperation and trust of the third parties who modify the email, as they need to follow the protocol and respect the original sender’s delegation.
- It increases the complexity and overhead of email authentication, as the receiver needs to check multiple signatures and DNS records.
- It may not be compatible with some existing email standards and practices, such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
- It may not prevent some forms of email abuse, such as phishing or spoofing, as the original sender may not have control over the content or appearance of the modified email.
Ready to embrace DARA?
Take control of your email security and deliverability with DARA. Let Sendmarc guide your transition to this cutting-edge framework.
DARA FAQs
What is DARA in email authentication?
DKIM Authorized Responders for Authentication (DARA) is a proposed extension to DomainKeys Identified Mail (DKIM) that lets the original sending domain delegate signing authority to a third party, so modified or forwarded messages can still be authenticated.
How does DARA work?
DARA works by adding a token alongside the DKIM signature, enabling the recipient to query the designated responder, which cryptographically validates the message and logs the interaction.
What are the benefits of DARA?
The benefits of DARA include preserving the sender’s reputation, reducing false positives in spam filtering, enhancing transparency, and supporting legitimate forwarding.
What are the limitations of DARA?
The limitations of DARA include dependence on third-party cooperation, added authentication complexity and overhead, potential incompatibilities with existing standards such as SPF and DMARC, and limited protection against phishing or spoofing.