Author: Amy Cadagin, M3AAWG Executive Director

M3AAWG 51, held in February 2021, gathered online anti-abuse professionals to share knowledge and collaborate around best practices to better understand, prevent, and disrupt online threats. From an in-depth presentation on a new methodology to analyze phishing susceptibility, to technical training to prevent abuse in the Internet of Things (IoT), M3AAWG 51 hosted industry-leading experts to discuss some of the most timely topics in today’s online ecosystem. We look forward to continuing these conversations with our members throughout the year to shape the future of online anti-abuse. 

At the meeting, M3AAWG recognized Alex Bobotek, AT&T Senior Architect, with the 11th Annual M3AAWG Mary Litynski Award for his steadfast dedication to anti-abuse initiatives, especially in evangelizing the adoption of SMS anti-spam protections.The meeting’s Open Roundtable (ORT) sessions brought together M3AAWG members for constructive discussions. In one ORT session, and a subsequent overview panel, M3AAWG members came together to discuss SMTP Multi-Pass attacks and worked to find solutions and combinations of best practices to defend against them. Additional ORTs focused on developing a framework for inclusive language within the anti-abuse community (and the technology industry at large), the management of IP and Domain reputations, and advancing mobile abuse reporting, among other topics. 

If you were unable to join us at M3AAWG 51, or would like to revisit any of the meeting’s sessions, M3AAWG members can visit the M3AAWG member site to watch all presented sessions in their entirety. Below, we’ve recapped several M3AAWG 51 session for your consideration:

• The Phish Scale: NIST’s New Method Helps IT Staff See Why Users Click on Fraudulent Emails
  Led by Jody Jacobs, Information Security Specialist, and Shaneé Dawkins, Computer Scientist, at the National Institute of Standards and Technology (NIST), this session detailed the organization’s new DIY method for rating human phishing detection difficulty, the Phish Scale. The methodology accounts for user context, which plays a central role in determining phishing susceptibility, to better equip organizations with the insights they need to tailor phishing training to their environment and employees.
• DANE for Device Identity: Using DNS and Public Key Cryptography to Prevent Abuse in the Internet of Things
  Ash Wilson, M3AAWG IoT SIG Vice Chair and Technical Director at Valimail, alongside Shumon Huque, Software Engineering Architect at Salesforce, led a technical presentation detailing the challenges of, and best practices for, establishing a durable IoT identity strategy. Specifically, the duo highlight how the proliferation of broadly recognized public key infrastructure (PKI) has helped in strengthening identity strategy durability, and how the use of DNS records defined by DANE can be used to establish client identity. 
• Improving Security of Messaging in Transit - the Adoption of TLS 1.3
  Joe Salowey, TLS Working Group Co-Chair at the Internet Engineering Task Force (IETF) outlines the privacy and security benefits of TLS 1.3, and the current implementation and deployment status of the cryptographic protocol. Salowey details several of the challenges associated with TLS 1.3, as well as the security and privacy initiatives the IETF TLS Working Group is exploring. 
• Smashing Smishing in the UK
  Garry Lilburn, Operations Director, and Timothy West, Head of Cyber Threat Intelligence, at the Cyber Defence Alliance (CDA) showcased their efforts to close the gaps within the traditional domain takedown process and organize internet stakeholders to detect and disrupt abusive infrastructure. The session also detailed how collaboration with targeted organisations and law enforcement agencies benefits enforcement measures in holding bad actors behind smishing campaigns accountable.

In addition to the sessions detailed in this post, M3AAWG members can tune into all M3AAWG 51 presentations – and also grab the latest M3AAWG gear – on the M3AAWG member site. As we eagerly await our 52nd General Meeting, to be held virtually from June 7-10, 2021, we invite all M3AAWG members to submit session proposals ahead of the March 15th, 2021 deadline. Have an idea or project you’d like to showcase on the M3AAWG blog or in our new M3AAWG 5 video series? Reach out to a M3AAWG officer, SIG / Committee Chair to learn more.