Wednesday 18 May 2016

The start of my GSoC journey!


Hi!

This is my first blog post in the many to come as a part of my GSoC journey with GNU Mailman. Today I'll try to explain the project, its purpose and why it's important!

The title of the project is *ARC Protocol Implementation in GNU Mailman*.


With the adoption of stricter email authentication policies to curb spam, many MTAs are moving to stricter DMARC policies, i.e. any mails that fail the DMARC test are rejected outright `p = reject`. This has helped curb spam, yes, but it has also created problems for intermediate mail handlers like mailing lists. The basic philosophy underlying these authentication checks is to check the extent to which the mail has been altered from its original shape to the point of delivery to the recipient.Mailing lists inherently do modify the mail before broadcasting it onwards to the members by adding list-specific headers, footer, and alterations to the Subject, etc. These are necessary for the identification of the mail with the mailing list. And till now, the mailing lists had no way of letting the receiving MTAs know about their handling of the message. This lead to high probability of these mails to be flagged suspicious, and in some strict cases as spam. The solution for this was recently drafted in the IETF ARC Protocol.
From Mailman's point of view, ARC is a protocol that can help mitigate denial of service to subscribed addresses at Yahoo!, AOL and other MTAs that have a `p=reject` DMARC policy. Also it will help reduce the ambiguity in decisions for other MTAs with a lenient policy. Basically setting up ARC would allow Mailman to securely register its handling of the message, thus allowing the set-up of a trust mechanism (not binding) between Mailman and the involved MTAs and hence reducing the denial of service. 

Mailing lists have a variety of purposes, but are perhaps the most important medium of communication for the open source community. Thus the importance of their services cannot be stressed on more, highlighting the importance of the ARC Protocol in enabling their functioning within a trust framework!

The ARC protocol involves the addition of two new headers to the already existing mail.
1. ARC Seal
2. ARC Message Signature
3. ARC Authentication Results
( prepended bottom up )

The draft explaining the protocol can be found here - ARC Draft

So that's the project I'll be working on this summer!
I have deliberately skipped out any implementation details as they will be shared as and when the project progresses with the milestones.
Still, if you come across this blog and find the project interesting, feel free to hit me up if you have you any curious doubts :)

Thanks!
Aditya Divekar