M3AAWG was formed almost ten years ago over concerns that email, one of the Internet’s two “killer apps” at the time, might collapse due to out-of-control volumes of spam. Fortunately today, even with vastly more spam bombarding the networks, our operator members report they’re now able to stop about 90 percent of abusive messages before they reach users’ inboxes, per our email metrics reporting program.
From this real-world perspective, it has become clear that one of the most effective tools in the ongoing fight against spam and malware has been the voluntary adoption of the proven methodologies outlined in industry best practices. The Internet community’s greatest resource in confronting online threats has always been the dedicated, unsung heroes who successfully battle spammers and other cybercriminals as part of their daily jobs then come together in associations like M3AAWG to share and distribute their knowledge in these documents and white papers. Like many industry organizations, we have worked hard to foster a trusted, vetted environment suitable for sharing timely threat information and have developed a process to distill industry experience on what works and what doesn’t, resulting in 25 published best practices to date.
We also have successfully partnered with other associations to bring specialized talents and resources to address new, forward-looking issues. For example, last year M3AAWG collaborated with the London Action Plan (LAP), a highly respected network of anti-spam and law enforcement organizations, to produce a comprehensive 52-page report describing proven tactics against abuse. “Best Practices to Address Online and Mobile Threats” has been submitted to the OECD for consideration and implementation by both business and government entities, and it shares the collective knowledge of experts from around the world on how to reduce online risks, both present and emerging.
As spam becomes more complex and spammers more emboldened, it has become nearly impossible for an increasingly isolated and politicized world to stay ahead of evolving threats. Best practices like these embody a level of technical expertise generally not available to government or policy entities. They offer successful anti-abuse tactics suitable for both large and small companies, and for countries with established or developing Internet infrastructure.
Our July 2013 response to the ITU CWG-Internet’s request for consultation on how to fight spam is simple: We encourage them to focus on promoting the voluntary adoption of existing best practices developed by impartial industry associations. These proven tactics represent the best ideas of some of the most experienced technical experts working on this problem. Promoting and supporting industry best practices developed by experts is the best use of resources versus working to create new procedures and incurring the time delays associated with replicating existing work.
Jerry Upton, M3AAWG Executive Director