Home Best Practices

These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

PDF
July 31, 2017

M3AAWG Best Practices for Implementing DKIM To Avoid Key Length Vulnerability, Revised July 2017

Due to disclosed vulnerabilities associated with the use of short DKIM keys, organizations should review their DKIM email authentication implementation based on these best practices updated in July 2017.  Also see a short video on this issue at the M3AAWG YouTube Channel (www.youtube.com/maawg).

PDF
May 20, 2017

M3AAWG Introduction to Reflective DDoS Attacks

Many thousands of individual Distributed Denial-of-Service attacks take place each day. While many of these are relatively small, they are sufficient to take unprepared sites offline and threaten connectivity over large regions of the internet. It is in everyone’s interest to take all possible precautions to thwart these damaging DDoS attacks. This paper provides an overview of how this very common form of attack works, what measures can be taken to help eliminate it and pointers to some of the many technical documents that can provide more detail. Also see the video Understanding and Preventing Reflective DDoS Attacks with M3AAWG Senior Technical Advisor Dr. Richard Clayton of Cambridge University explaining reflective DDoS attacks and some of the actions the industry can take to protect against them.

PDF
March 31, 2017

M3AAWG Password Managers Usage Recommendations

Most users struggle to manage a large number of usernames and passwords.  While password managers have both proponents and detractors, these recommendations reflect the general consensus of the industry.

PDF
March 31, 2017

M3AAWG Describes Costs Associated with Using Crypto

This document describes the budget and other costs associated with using cryptography to help make informed decisions when deploying encryption.

PDF
March 15, 2017

M3AAWG Initial Recommendations: Arming Businesses Against DDoS Attacks

Distributed Denial of Service attacks continue to be a major concern. This guide helps businesses prepare for DDoS attacks and, as a side benefit, some of these same techniques can also help businesses that suddenly see a large increase in legitimate customer web traffic.

Pages