Submitted on May 27, 2016 responding to a U.S. Federal Communications Commission Notice of Proposed Rulemaking from the Wireline Competition Bureau. All comments and the FCC proposal are available at http://apps.fcc.gov/ecfs/proceeding/view/view?name=16-106.
Note: The FCC released its Rules to Protect Broadband Consumer Privacy on October 26, 2016, quoting several comments from M3AAWG.
System abuse drains time and revenue for hosting and cloud providers, who must maintain constant vigilance to make sure their systems are not compromised and ensure that their customers are vigilant. This document categorizes types of abuse, suggests appropriate responses and reviews practices for dealing with customers and complaints. It provides current best common practices in use with the hosting, DNS and domain registration provider communities.
These updated best practices outline the criteria for exit, entry, remediation and subscriber education when using a walled garden to remediate virus and bot infections in subscriber devices.
Forwarding is quite popular among users who have multiple email accounts they prefer to manage centrally. This updated M3AAWG best practices document includes measures that can be adopted by email volume forwarders and the receivers of forwarded email to mitigate spam-related concerns specific to forwarding email addresses.
This document gives an overview of the current best common practices for sending commercial electronic messaging, focusing on the technical and practical policy aspects of these operations. The goal of these practices is to promote and enhance the transparency of senders maintaining legitimate messaging so that both individual recipients and mailbox providers are more easily able to distinguish legitimate messaging from messaging abuse.
When email authentication mechanisms are applied, both the originating and receiving systems are able to correctly and reliably validate who is accountable for the message. This paper describes authentication techniques to aid in protecting business’ brands from forgery and phishing attacks and is intended for a general readership that has basic familiarity with Internet mail service. The Executive Summary also provides a one-page overview that can be used independently.
It is an unfortunate reality that Internet anti-abuse professionals are, from time to time, encountering child sexual abuse material in the course of their work. This document provides guidelines for these situations but is not legal advice. M3AAWG strongly suggests that readers work with their company’s legal counsel or avail themselves of independent legal advice regarding their rights, responsibilities and obligations relevant to prevailing legal jurisdictions.
M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.
First-Fourth Quarter 2012, First-Fourth Quarter 2013, First-Second Quarter 2014
In this paper, M3AAWG identifies some IPv6 anti-spam issues, provides recommendations to reduce abuse and offers an initial list of requirements for further technical work to address concerns within the broader Internet technical community.
Addressing problems associated with compromised user accounts, this document discusses mitigation techniques and methods of identifying compromised accounts. It also includes recommendations to ensure the long-term security of accounts to prevent “re-compromise.”
Honeypots are a proven technology used for detecting and understanding online threats that also can be used to fight telephony spam. This document was written to facilitate and encourage telephony honeypot development, as well as the use and sharing of information about and from those honeypots. It includes an overview of the benefits of such honeypots and also provides details of the various options that exist for setting them up.
Nearly all email systems, including those of Email Sender Providers and network operators, at some point have delivery issues because their sending IPs or domains are on a blocklist. This document shares established procedures defining how to triage and respond to a blocklisting to assist in a timely and effective resolution.
Just as speaking a common language allows two people to communicate effectively, standards that define the format of abuse reports and the destination address for them increase the effectiveness of network owners in fighting abusive traffic.
Submitted to the U.S. State Department in January 2014, responding to its request for Stakeholder Input on the Role of Governments, International Telecommunication Union Council Working Group on Internet-related Public Policy Issues.
To minimize the risk of active DKIM keys being compromised, they should be changed frequently. This document discusses why keys should be rotated, how frequently they should be rotated, and suggests the best common practices for doing so.
Submitted to ICANN in response to their misuse survey report.
Submitted in July 2013 to the ITU Council Working Group on International Internet–Related Public Policy Issues (CWG–Internet) in response to a request for comments on effectively countering and combatting spam.
Due to recently disclosed vulnerabilities associated with the use of short DKIM keys, organizations should review their DKIM email authentication implementation based on these best practices. Also see a short video on the M3AAWG YouTube Channel (www.youtube.com/maawg) at https://www.youtube.com/watch?v=ErianxHOXIA.
Response to staff recommendations in the ICANN report.
Response to the final report from the ICANN WHOIS Policy Review Team.
Response to the December 5, 2011 ICANN report from the WHOIS Review Team (WRT).
First-Fourth Quarter 2011
ESPs take on significant risk every time a new customer sends email. A bad client can undermine the sending reputation for the ESP’s other clients as well as inflict abuse at recipient domains. This paper reviews some vetting practices to avoid these problems.
In marketing terms, “appending” – also known as "e-appending" or "e-pending" – is the practice of taking demographic information known (or assumed) to be related to a particular customer and matching it with other data. It is the position of MAAWG that this is an abusive messaging practice.
MAAWG responded to the Department of Commerce (DOC) Internet Policy Task Force's seventy-seven page green paper on "Cybersecurity, Innovation and the Internet Economy."
MAAWG members, and our members' customers, like all Internet users, rely daily on Internet names. MAAWG commented on the proposed budget from the perspective of encouraging ICANN to continue to offer a reliable, high performance, cost effective, scalable and trustworthy system of domain names.
Third and Fourth Quarter 2010
First and Second Quarter 2010
Cyber criminals are increasingly turning to Web-based messaging systems to transmit their content. Yet, there are many techniques to prevent or mitigate these attacks and this document details the Best Common Practices for protecting these messaging systems.
Outlining practices used during trial evaluations of messaging anti-abuse products or services, this document provides recommendations on processes and techniques to accurately determine a particular solution’s effectiveness.
This paper briefly discusses how a DNS attack works and the impact of this threat, proposes a solution, and discusses the advantages and disadvantages from a technical, business and regulatory standpoint.
Summarizing the highlights of the consumer survey covering North America and Western Europe with the main graphs.
Full report of survey covering North America and Europe with detailed data and charts
Third and Fourth Quarter 2009
First and Second Quarter 2009
Describes four approaches to make dynamic IP addresses more easily obtainable by mailbox providers with a discussion of the advantages and disadvantages of each.
A summary of the most effective abuse desk best practices from MAAWG service providers.
Recommendations include blocking unauthorized access to and from port 25, requiring authentication, and aggregating email traffic through an SMTP server that is controlled by the service provider.
Outlines a voluntary set of principles for messaging system operators that discourages bulk messaging abuse of peer-to-peer messaging platforms.
San Francisco, April 22, 2014 – Tackling security concerns with hosting and cloud storage, pervasive monitoring, identity management, and telephony, the Messaging, Malware and Mobile Anti-Abuse Working Group has announced the formation of four new collaborative special interest groups along with its organizational leadership for 2014. The new SIGs provide a trusted venue for industry participation on critical issues while M3AAWG continues to support the ongoing work in its core security tracts.
San Francisco, March 20, 2013 – Emphasizing the need for more cooperative cybersecurity efforts across platforms, the Messaging, Malware and Mobile Anti-Abuse Working Group will continue with a diverse leadership structure for 2013. Alex Bobotek of AT&T and Chris Roosenraad of Time Warner Cable will continue as M3AAWG Co-Chairmen with Michael O’Reirdan of Comcast continuing as a Board member and M3AAWG Chairman Emeritus.
San Francisco, Feb. 20, 2013 – A bot believed to have netted $14 million in illicit profits has been turned into a golden learning opportunity, yielding important insights into how the online community can best alert and assist customers with infected systems.
San Francisco, Feb. 4, 2013 – As the DMARC authentication specification gains broader adoption, M3AAWG has released a free series of videos to help the industry implement and understand the value of the anti-phishing technology. The M3AAWG DMARC Training Series provides almost two and a half hours of instruction from DMARC.org technical experts, including information for both domain owners who want to protect their brands from “spoofing” and for ISPs or mailbox providers who want to protect end-users from fraudulent messages.
San Francisco, Jan. 30, 2013 – With the variety of devices in use today and the pervasive connectivity available to users, malware could easily get the upper hand on many networks without corrective measures. The Feb. 19-21 M3AAWG 27th General Meeting in San Francisco will focus on helping the industry develop the necessary strategies to protect end-users from the latest messaging abuses, whatever the abuse vector or device that is targeted.
San Francisco, Nov. 6, 2012 [Updated: Dec. 11, 2013] – With the recently revealed ability to spoof email from companies that are using an outdated, weak encryption key to authenticate their email, the Messaging, Malware and Mobile Anti-Abuse Working Group is urging companies to adjust their DKIM processes immediately to improve end-user safeguards and today issued new best practices that specifically address the vulnerability.
Baltimore, Oct. 24, 2012 – A cooperative international report available today outlines Internet and mobile best practices aimed at curtailing malware, phishing, spyware, bots and other Internet threats, and provides a thorough review of current and emerging threats.
San Francisco, July 18, 2012 – Seeking to throw a little light on those making the Internet a safer experience for all, the Messaging, Malware and Mobile Anti-Abuse Working Group is now accepting nominations for the first annual J.D. Falk Award, named after the dedicated industry advocate who was instrumental in the growth of M3AAWG and other technical organizations. The award, developed in conjunction with his employer Return Path, Inc. and his family, celebrates J.D.
San Francisco, February 14, 2012 – The online industry generally acknowledges that viruses and malicious code are spread through spam, yet it seems that malware and messaging security professionals rarely collaborate on threats despite the commonality of their work. The Messaging Anti-Abuse Working Group is pushing the industry to move beyond this “silo” mentality to better protect end-users.
San Francisco, Oct. 5, 2011 – A global summit of online security experts will convene in Paris at a joint MAAWG-LAP meeting featuring keynotes by important French government officials along with panels of international law enforcement agents, public policy advisors, technologists and academic researchers. Organized around the annual European meeting of the Messaging Anti-Abuse Working Group on Oct.
(Joint News Release issued with EastWest Institute)
San Francisco, Feb. 4, 2011 – As the world prepares to transition to IPv6, what do legitimate senders and marketers need to know about the updated protocol and how it will affect their operations? The Messaging Anti-Abuse Working Group (MAAWG) is helping senders find the answers to these questions with a free video “IPv6 for Senders” now available on the MAAWG website.
San Francisco, October 28, 2010 – The first industry best practices to help Web messaging and social networking operators protect users of their Web mail, direct messaging and SMS services from spam and other cyber attacks have been released by the Messaging Anti-Abuse Working Group (MAAWG). MAAWG also published two other new best practices papers clarifying conventional email processes for incorporating consumer complaint feedback loops and to assist ISPs in evaluating anti-abuse tools.
San Francisco, Aug. 18, 2010 – Demonstrating their commitment to work with the international online industry to protect consumers, Facebook and Tata Communications, a leading global telecom service provider that is part of India’s Tata Group, have joined the Messaging Anti-Abuse Working Group at the organization’s highest membership level and will serve on the MAAWG Board of Directors.
San Francisco, May 21, 2010 – As an industry service, the Messaging Anti-Abuse Working Group (MAAWG), the largest global anti-spam industry organization, has released its first online training video and is opening the technical training sessions at its next meeting to non-members for the first time, both at no cost. The new four-part tutorial by leading experts on DomainKeys Identified Mail (DKIM) is now available at the MAAWG website, and the live training courses on DNS security, complaint feedback loops, and DKIM at the MAAWG 19th General Meeting
San Francisco, May 18, 2010 – The Messaging Anti-Abuse Working Group will host the GSMA Security Group at the MAAWG 19th General Meeting in Barcelona on June 8-10 with a multi-track event focusing on all forms of spam delivery, including mobile, broadband, terrestrial and Web messaging. The meeting will also feature an insiders’ panel discussing the recent crackdown on the Mariposa botnet, sessions on mobile spam and abuse reporting technologies, and a look at critical technical and international public policy issues affecting abuse abatement.
San Francisco, Jan. 28, 2010 – With the participation of some of the industry’s largest ISPs, email providers and Internet companies, the Messaging Anti-Abuse Working Group (MAAWG) is focusing on how to better protect the end user from spam, bots and other messaging exploitations during its February meeting in San Francisco. The three-day, multi-track event will feature experts from Google, Mozilla, Microsoft, all the major anti-virus vendors, social networking sites, and anti-spam researchers, among others.