Establishing Trust in Email: Best Common Practices for Authenticating Email Messaging

By Sharon Kent, Technical Committee Co-Chair and Todd Herr, Tech-Messaging Co-Chair

With the majority of companies working remotely for the foreseeable future, and social distancing procedures still in effect, we’re entirely reliant on digital communications, particularly email. Bad actors are taking advantage of this dependence, resulting in an uptick in email-related cybercrime, such as spear phishing attacks, where criminals pose as legitimate senders with a specific request. COVID-19-related phishing attacks grew exponentially from under 5,000 per week in February to over 200,000 by late April. As cyberattacks continue to intensify, the implementation of proper email authentication standards is key to protecting the privacy and security of end-users. 

Effective email authentication establishes user trust. Through the implementation of robust email authentication standards, senders and receivers are given the confidence that messages are legitimate and will not compromise end-user privacy, data and control. There are a variety of tactics and methods to verify the authenticity of an email, but there is no uniform procedure across the industry. 

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) recently put out a call to the industry to authenticate and secure sending domains and email addresses by deploying email authentication at scale and at enforcement. To support widespread adoption across the email ecosystem, set clear standards and protect end-user privacy, M3AAWG has developed a best practices guide for authenticating email messaging, which is available to download.

The full guide contains best practices using various security standards, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Guidelines are intended to outline actionable practices that mail operators, intermediaries and receivers can implement immediately.

M3AAWG’s membership comprises over 200 companies, including email service providers (ESPs), internet service providers (ISPs), mailbox providers, cybersecurity vendors, security researchers and hosting providers, among others. By facilitating collaboration between leaders from across the online ecosystem, M3AAWG has developed best common practices to address a wide range of online abuse. Additional best common practice documents are also available from M3AAWG.



The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.