Hello Stephen,
I had earlier contacted you on the developer
mailing list regarding the gsoc project.
I have started reading about ARC as you suggested and have thought
about a few things.
When we use mailman, the mailing list service adds an extra phrase in
the subject - [Mailman-Developers] and an extra footer in the mail
giving links about the FAQ, archives and the security policy. This
alters the original subject and the body of the mail that the sender
sent in the first place. According to my knowledge, this is what might
cause the mail to be rejected by yahoo, aol, or other p=reject policy
Thus implementing ARC would involve including the ARC authentication
result header, the signature and the seal in every mail that Mailman
receives before it forwards it in the mailing list. This would
probably involve using the pydkim, gs.dmarc and pyspf libraries for
verification before we generate the ARC authentication results.
As a starter I think I should understand how the dkim,dmarc and spf
authentication processes are coded.
could you tell me how to find existing code where I can read and
understand how the authentication methods are implemented?
On Fri, Feb 5, 2016 at 9:20 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
Aditya Divekar writes:
My name is Aditya Divekar. I am a sophomore from IIT Guwahati.
Nice to meet you, Aditya! I'm the main DMARC/IETF wrangler for
Mailman, and I would be the main mentor for the ARC project.
I want to work on the project "Implement module to process ARC
headers". I have begun reading about RFC a bit.
That's a good start. If you have questions, feel free to ask. For
general questions that are mostly about "how do I hook code into
Mailman" or about GSoC, please ask on this list. Not only will you
get better and quicker answers, but the questions and answers will
benefit other developers too. For questions about ARC, you can write
me directly or the list, as you feel comfortable.
Or once you start to get the feel of things you may try to ask on the
ARC list. However, IEFT lists are probably very different from
anything you've participated in before. High stakes are involved
(there are people with millions of dollars invested in servers there)
and people can be a little terse. Not to mention the vocabulary will
likely be new to you.
The next thing to do would be to join the ARC mailing list and lurk:
To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
Right now it's low-traffic. It's a Mailman list. I subscribed with
the digest, and get maybe one a week.
Please help me get started in the right direction and if possible
share some timeline goals.
Well, the main timeline goal would be to get done in time for the live
test of implementations being held by the DMARC folks -- on Feb 19.
So I guess that's not going to happen!
It is my belief that a full implementation (with bugs still in it) can
easily be done in a summer starting from a reasonable amount of
programming skill in Python. If you're better than average it will
probably be integratable into Mailman and ready for participating with
other implementations on the Internet at the end of the summer.
With that in mind, please read How to SPAM
(http://turnbull.sk.tsukuba.ac.jp/Blog/SPAM.txt) and other general
information about GSoC proposals at
Then write something up. Pretty much anything. It doesn't have to be
complete, it just needs to demonstrate you've thought for a few
minutes about what you think you need to do.
Yes, this is pretty sketchy. If you're going to work with me, you
need to accept that I'm going expect you to try something plausible
before I tell you what I expect. I'm not a complete curmudgeon about
it, but I have found that it is a good way to work for me.
Regards, and happy hacking!