Best Practices

This document recommends a set of best practices for authenticating email messages using the security protocols Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), Domain-based Message Authentication, Reporting & Conformance) DMARC and Authenticated Received Chain (ARC). (Another security protocol, SMTP authentication, meaning the presentation of credentials during the submission of a message by a Mail User Agent (MUA) or Mail Submission Agent (MSA) to a Mail Transfer Agent (MTA) serves a different purpose and is outside the scope of this document.)

The objectives of this document are to help maximize the successful delivery of wanted political text messages and minimize the incidence of unwanted and/or abusive political text messaging, while ensuring that the rights of all participants in political processes are respected. This document defines best practices that promote trust, transparency and collaboration among ecosystem providers.

M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group, appreciates this opportunity to comment on the Initial Report of the Temporary Specification for gTLD Registration Data Phase 2 Expedited Policy Development Process (https://gnso.icann.org/en/issues/epdp-phase-2-initial-07feb20-en.pdf). 

The Messaging, Malware, and Mobile Anti Abuse Working Group (M3AAWG) welcomes the opportunity to review the draft report from ICANN’s Security Stability and Resiliency Review Team (Two).

When preparing for bulk or transactional email sending, two items require special attention: outbound IP addresses, and the domain names to be used for these communications. For the latter, ESPs (Email Service Providers) go through this set-up process frequently and have to review the same readiness checklist each time. This process may involve individual client preferences and constraints, both legal and technical.

Este é um documento conjunto de Melhores Práticas Operacionais Atuais (Best Current Operational Practices, BCOP) desenvolvido pelo LACNOG  (Grupo de Operadores de Redes da América Latina e o Caribe) e pelo M3AAWG  (Messaging, Malware and Mobile Anti-Abuse Working Group). É o produto das versões originais do LACNOG por seus grupos de trabalho LAC-AAWG  (Grupo de Trabalho Antiabuso da América Latina e o Caribe) e Grupo de Trabalho BCOP , em cooperação com membros do M3AAWG, Assessores Técnicos Sêniores e o Comitê Técnico do M3AAWG.

This paper provides basic information on the benefits and potential issues with encrypting DNS traffic for both end-users wanting to implement encrypted DNS on their personal devices or home broadband networks and for ISPs or enterprise administrators considering it for their corporate networks, including recommendations for M3AAWG members and the online anti-abuse eco-system. The companion document “M3AAWG Companion Document: Recipes for Encrypting DNS Stub Resolver-to-Recursive Resolver Traffic” provides detailed instructions and processes.

This paper includes detailed instructions on how to install and configure a third party encrypted DNS service on Mac OS X, MS Windows, iPhone, Android and a standalone Raspberry Pi.  It is a companion document to the “M3AAWG Tutorial on Third Party Recursive Resolvers and Encrypting DNS Stub Resolver-to-Recursive Resolver Traffic,” which outlines the benefits and issues with encrypting DNS traffic.

LACNOG- M3AAWG  공동 작성  CPE(가입자 댁내장치) 최소 보안 요구사항에 대한 Best Current Operational Practices LAC-BCOP-1 – LACNOG-M3AAWG Joint Best Current Operational Practices on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition, LAC-BCOP-1 - In Korean (2019-05)

It is the position of M3AAWG that third-party email list sales and purchases are abusive practices and that sending to purchased lists is also abusive, whether B2C, B2B or another objective.