
These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

All the M3AAWG Public Policy Comments are available from the M3AAWG Public Policy page in this section.


In Japanese - M3AAWG Help! I Hit a Spam Trap!

M3AAWG ヘルプ! スパムトラップに引っかかってしまった! 


M³AAWG Best Practices for Use of Look-Alike Domains for Security Purposes

The goal of this document is to recommend best practices to parties who are considering the registration of look-alike domain names for legitimate, active security, or security-related research purposes. Below, we explore the legal and operational issues associated with the registration and use of such domains. This document is not intended as legal advice; please consult your company's legal counsel.


M3AAWG Ransomware Active Attack Response Best Common Practices

Updated August 2025
This document addresses the options available if you realize that you are a victim of a Ransomware attack. It explains how to consider risks and alternatives in resolving the recovery and supporting continuity for your business, and how to tackle those issues. 


M3AAWG AI Model Lifecycle Security Best Common Practices

This document specifies the best-known common practices, as of publication, for evaluating the security of AI applications and services, whether they are purchased or developed in-house. It aims to ensure that all stages of the AI lifecycle, from data collection to deployment and monitoring, adhere to best practices to mitigate risks, ensure transparency and maintain system integrity. By implementing robust model development and deployment processes and continuously updating AI systems to adapt to changing environments, the guidelines aim to enhance the effectiveness, reliability and security of AI applications and services. This document is intended to offer specific best common practices, with clear normative language for these practices, aimed at information technology sector practitioners. It is intended to augment other current practices from relevant bodies, such as ISO/IEC, the National Institute of Standards and Technology (NIST), the European Telecommunications Standards Institute (ETSI), CEN/CENELEC, and the IEEE. It will be updated to reflect changing technology and aims to support implementers and practitioners, rather than stipulating requirements.


In Spanish - ¡Socorro, M3AAWG! Caí en una trampa de spam

The Senders Committee created the Help! I Hit a Spam Trap! document in 2023 in an effort to help Email Service Providers (ESPs) mitigate the consequences of hitting spam traps. The document provides details on what spam traps are, the impact they have on mailings, and includes suggestions on ways to use spam trap feedback to improve customers’ sending practices, thereby minimizing future spam trap hits. In this document, “customer” refers to the organization using the ESP to send emails. This document is now available in Spanish.


In Portuguese - M3AAWG, socorro! Caí em uma armadilha de spam!

The Senders Committee created the Help! I Hit a Spam Trap! document in 2023 in an effort to help Email Service Providers (ESPs) mitigate the consequences of hitting spam traps. The document provides details on what spam traps are, the impact they have on mailings, and includes suggestions on ways to use spam trap feedback to improve customers’ sending practices, thereby minimizing future spam trap hits. In this document, “customer” refers to the organization using the ESP to send emails. This document is now available in Portuguese.


M3AAWG DNS Abuse Prevention, Remediation, and Mitigation Practices for Registrars and Registries

This document is intended to provide concrete best practices for preventing or mitigating malicious or compromised domains at the registry or registrar level. A fundamental gap within the DNS community exists for how registries and registrars can best operationally effectuate anti-abuse mechanisms specific to malicious or compromised domains. M3AAWG hopes this document will help inform relevant DNS stakeholders and promote a safer and more secure DNS ecosystem. 


In French - M3AAWG Ransomware Active Attack Response Best Common Practices

This document presents the options available if you realize that you are the victim of a ransomware attack. It explains how to take risks and alternatives into account when resolving the recovery and supporting the continuity of your business, and how to resolve those issues.


M3AAWG Best Common Practices for Managing Port 25 for IP Networks

This document is an update to our previous "Managing Port 25 for Residential or Dynamic IP Space - Benefits of Adoption and Risks of Inaction" document published in 2005.

Spammers and other abusers often use viruses and spyware as vehicles to assume control over large numbers of computers. By managing the sending of email from devices on their network, providers can reduce the costs of running their business, increase customer satisfaction, and reduce the level of internet abuse associated with their service.
