These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
All the M3AAWG Public Policy Comments are available from the M3AAWG Public Policy page in this section.
In Japanese-LACNOG-M3AAWG Joint Best Current Operational Practices on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition, LAC-BCOP-1
顧客側通信機器 (CPE) が備えるべき 最低限のセキュリティ要件についてのBCOP–LACNOG-M3AAWG Joint Best Current Operational Practices on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition, LAC-BCOP-1 - In Japanese (2019-05)
LACNOG-M3AAWG Joint Best Current Operational Practices on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition
This document identifies a minimum set of security requirements that should be specified when ISPs purchase customer premises equipment to ensure that the CPE has a secure default configuration and a secure remote management and update mechanism. These joint best practices were developed by LACNOG (Latin American and Caribbean Network Operators Group) and M3AAWG, and are the product of LACNOG's original drafts by its working groups LAC-AAWG (Latin American and Caribbean Anti-Abuse Working Group) and BCOP Working Group, in cooperation with M3AAWG members, Senior Technical Advisors and the M3AAWG Technical Committee.
M3AAWG Email Anti-Abuse Product Evaluation Best Current Practices, Updated March 2019
Outlining practices used during trial evaluations of messaging anti-abuse products or services, this document provides recommendations on processes and techniques to accurately determine a particular solution’s effectiveness. The March 2019 version includes recommendations affected by newer technology, such as cloud services, and other updates.
M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1
Cyber criminals are increasingly turning to Web-based messaging systems to transmit their content. Yet, there are many techniques to prevent or mitigate these attacks and this document details the Best Common Practices for protecting these messaging systems. Version 1.1 has been updated with additional suggestions for managing the collection, storage and indexing of data, a new section on multifactor authentication and other changes.
M3AAWG DKIM Key Rotation Best Common Practices, March 2019
To minimize the risk of active DKIM keys being compromised, they should be changed frequently. This document was updated in March 2019. It discusses why keys should be rotated and how frequently they should be rotated, and suggests the best common practices for doing so.
Configuring Human Readable Delivery Status Notifications (DSN), updated 2019
A discussion on improving non-deliverability status notices to better identify abuse issues, this document has been updated with minor changes for clarity and to simplify the text.
In Japanese-Help–I’m on a Blocklist, Version 1.0.1
ヘルプ ─ ブロックリストに登録された 2018年2月版 バージョン1.0.1(2014年6月 - Help! I’m on a Blocklist, Version 1.0.1 (Updated February 2018)
M3AAWG Border Gateway Protocol (BGP) Flowspec Best Practices
Flow Specification (Flowspec) is a new type of Network Layer Reachability Information (NLRI) for the BGP routing protocol. It was originally developed to help mitigate DDoS attacks but its use has expanded to numerous other applications.
M3AAWG Position on Email Appending, Version 1.0.1
In marketing terms, “appending” – also known as "e-appending" or "e-pending" – is the practice of taking demographic information known (or assumed) to be related to a particular customer and matching it with other data. It is the position of M3AAWG that this is an abusive messaging practice. The January 2019 Version 1.0.1 is updated to include the European Union's GDPR and CASL.
M3AAWG Best Current Practices for Reporting Phishing URLs
Phishing continues to be a significant problem for hosting companies, mailbox providers, brand owners and, of course, for every internet user. This document informs all of these groups on the best current practices for reporting phishing URLs.
