Last week, members from M³AAWG met in London for the group’s 55th meeting to discuss and collaborate on issues related to messaging, cybersecurity, regulatory and related topics. The mid-year regional meeting typically includes topics and speakers focused on European Union-related regulations, trends and issues on cybersecurity and email.

Improving security often involves changes to a service that impacts customers. The balancing of business and security interests leads to trade-offs and unhappy customers who either wish to be more secure or avoid breaking changes. Bolting on additional security mechanisms to an existing service also affects the complexity and supportability of the existing service.

At the most recent meeting, M³AAWG members heard deployment experiences and lessons learned from rolling out security improvements including disabling TLS1.0, adding support for securing messaging in transit using the M³AAWG developed MTA-STS protocol (https://datatracker.ietf.org/doc/html/rfc8461) in addition to deployment of SMTP DANE with DNSSEC standards. To continue the securing mail flow discussion, members heard from European standards experts on the importance and need to increase adoption of e-mail authentication and encryption standards.

Members also continued exploring ongoing work in the group’s many special interest groups and committees. “Adventures in Brand Phishing Detection: The Next Chapter” showed members how to use computer vision models in everyday anti-abuse work. Code and API keys were distributed so attendees could get hands-on experience. M³AAWG recently published a series of blogs, videos and a best practices document on brand protection.

Members also heard from experts and practitioners about email deliverability challenges and best practices, including a session “EU Email Landscape and Deliverability Challenges.” In a session “The Life of an Email,” speaker experts addressed how email is delivered and authenticated and better tools, both mental and software, for understanding delivery issues. A panel and individual speakers also talked through EU-specific deliverability challenges including GDPR and similar data protection regulations.

The environment, how-to and issues related to AMP 4 email were tackled in multiple sessions that addressed security, operations, and expectations and talked about the ongoing work of M³AAWG in this space.

On the policy front, a panel on cyber insurance policy trends looked at falling cyber insurance prices, a spike in claims caused by ransomware, obligations on policyholders and tools to reduce claims.

Practitioners are always looking for ways to utilize open source tools and code. A session “Open-Source Intelligence for Onboarding, Due Diligence & Abuse Investigation with BYOST (Build Your Own Set of Tools) provided info on the quality of the information retrieved from open sources and tools that provide it to help attendees in researching options from multiple sources.

M³AAWG meetings also provide updates and trainings on technical topics. This meeting was no different, addressing the importance of regular penetration testing and vulnerability assessment, the prerequisites of such activity, possible caveats (such as bug bounties or unauthorized testing), performance and risk evaluation methodologies. “How to debug DNS & DNSSEC” provided a checklist for finding DNS and DNSSEC problems. That checklist could be used to implement continuous monitoring of some DNS infrastructure or to ad-hoc troubleshoot DNS problems in the network.

DKIM replay attacks were the topic of multiple sessions that included the definition of a DKIM replay attack, how they can be identified, mitigation and protecting domains. In a related session, panelists noted that in early 2022, DKIM replay attacks scaled up considerably, targeting ESPs and MBPs in order to send spam. Panelists addressed finding and defending against such attacks.

Of course, abuse in email is a focus of M³AAWG and its members. In a session “Mobile Abuse Reporting Fundamentals,” members received an overview of the existing abuse reporting systems, an outline of how the existing systems support the generalized mobile ecosystem for abuse prevention, a brief overview of subscriber user experiences, and future evolution of mobile abuse reporting to improve overall protections for the mobile ecosystem.

In a related topic, “Telecommunications Fraud - An Industry Forum Perspective,” attendees got an update about how the collaborative approach helps fight fraud more efficiently, sharing information through different organizations helps learn and prevent threats. Finally, a session “RIPEstat, RIPE Atlas, and Routing Information Service (RIS)” explained three popular RIPE NCC tools (RIPEstat, RIPE Atlas and RIS) and how to look up information essential to Internet number resources.

The thrice-annual M³AAWG members meeting give attendees deep dives into a variety of useful topics in addition to access to other member experts, keynotes and committee collaboration. Members will meet this fall and more info can be found here, https://www.m3aawg.org/upcoming-meetings.