Home M3AAWG Blog Attack

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

The lab describes itself as “an interdisciplinary laboratory…focusing on research and development at the intersection of information and communication technologies, human rights, and global security.” Of course, this mission aligns closely with that of M3AAWG.

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) will host its 53rd general meeting October 11-14 virtually. Members from internet service and email providers, networking and communications companies, security vendors and social networking companies will exchange updates, ideas and efforts to improve cybersecurity, reduce online abuse and protect user data and privacy online.

Email security professionals have long been worried about attackers abusing shared SPF authorization within a multitenant hosting service. When many customers share the same infrastructure, there are increased concerns about abuse. Just such an attack against members sharing the same sending servers led to a deep dive session on the topic at the recent M3AAWG 51 meeting. During the panel discussion, the security analysts who detected the attack explained what they found, and participants from the abused hosting service shared lessons learned with the broader community.


The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.

Subscribe to Attack