[Baypiggies] Want to contribute to OpenSource but don't know how?

Glen Jarvis glen at glenjarvis.com
Wed Aug 30 23:28:16 EDT 2017 

I have a fairly small open source project that has been broken down into four tasks. Although it would have been faster for me to actually write the solution for one of the tasks than it was to specify the task, I thought I'd keep it this way to allow others to participate in an OpenSource project if they never have:

[h](https://github.com/glenjarvis/dmarc.lambda)[ttps://github.com/glenjarvis/dmarc.lambda](https://github.com/glenjarvis/dmarc.lambda)

This is broken down into four tasks:
* One of them requires no coding experience at all (but you would still need to learn how to make a pull request)
    https://github.com/glenjarvis/dmarc.lambda/tree/master/task1_readme_polishing
* Another of them is a fairly beginner's Python function
    https://github.com/glenjarvis/dmarc.lambda/tree/master/task3_parse_filenames
* Another is an average Python programmer task:
    https://github.com/glenjarvis/dmarc.lambda/tree/master/task2_extract_attachment
* And a final one is also an average level task (but is bigger). Someone else has a repo that may already have the solution to this:
   https://github.com/glenjarvis/dmarc.lambda/tree/master/task4_parse_file_contents

If you don't know how to make a Pull Request, I can help you make one against this repo -- if you create a working solution to the above problems. I can't promise to merge all of your Pull Requests. However, it is very good practice if you've never done one before.

These individual tasks require no need to understand AWS Lambda. However, I will take these components and plug them into an AWS Lambda and other service solution as described here:

AWS Lambda Application that receives, parses and processes DMARC summary reports

Spam email has been a problem since the mid-nineties. There have been technological advances that let the owner of a domain (e.g., google.com or scs.lbl.gov or glenjarvis.com) absolutely control if an email from that domain really belongs to them:

- https://en.wikipedia.org/wiki/Sender_Policy_Framework

- https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

Even more recently, however, is the technological advance that ties both Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) linked above into a system that can also set policies. That means that if I, as the owner of glenjarvis.com, want to say "reject all mail that isn't sent from this SPF address with these keys," I can do so.

I can also specify where to send reports when the bad actors pretend to be from glenjarvis.com but really aren't. This technology is called Domain-based Message Authentication, Reporting and Conformance (DMARC):

- https://en.wikipedia.org/wiki/DMARC

This OpenSource project is a framework that collects those reports, parses them, and stores them in a way where one can query and make meaningful reports.

The specific technology used in this project uses Amazon Web Services (AWS) heavily in a serverless stack. These are the services that are used:

- Reports are sent from email agents (google.com, yahoo.com, aol.com, etc.) via email. The AWS service that receives email is Simple Email Service (SES)
- Contents of these emails are stored in an AWS service called Simple Storage Service (S3).
- Code is needed to parse that email and extract the attached file. This code runs serverless in an AWS Lambdaservice. Once the attachment is parsed from the email (that is still stored in S3), the attachment will be also be stored in another S3 location. Lambda log output will be stored in the AWS CloudWatch service.
- Code is needed to parse the previously attached DMARC compressed reports (xml compressed as either zip or gz). This will also run as a serverless Lambda.
- Finally, the parsed data needs stored. The simplest place to store this data is in the AWS service called DynamoDB. One can convert that data to a Relational Database format of their choice.
- Meaningful reports from the previously collected data can then be generated

Again, Pull Requests are welcome.

Glen Jarvis
--
I use these email security features:
- PGP keys / Keybase:  https://keybase.io/glenjarvis
- One name: https://onename.com/glenjarvis
- ProtonMail (https://protonmail.com/) for end-to-end encryption
- SPF, DKIM, and DMARC DNS (glenjarvis.com)
- DMARC policy of 'reject' (to reject all mails that don't pass security)

Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/baypiggies/attachments/20170830/21653313/attachment-0001.html>

More information about the Baypiggies mailing list