These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
M3AAWG Describes Costs Associated with Using Crypto
This document describes the budget and other costs associated with using cryptography to help make informed decisions when deploying encryption.
M3AAWG Password Managers Usage Recommendations
Most users struggle to manage a large number of usernames and passwords. While password managers have both proponents and detractors, these recommendations reflect the general consensus of the industry.
M3AAWG Initial Recommendations: Arming Businesses Against DDoS Attacks
Distributed Denial of Service attacks continue to be a major concern. This guide helps businesses prepare for DDoS attacks and, as a side benefit, some of these same techniques can also help businesses that suddenly see a large increase in legitimate customer web traffic.
M3AAWG Password Recommendations for Account Providers
Passwords are used virtually everywhere. This document provides password requirement recommendations for ISPs and other providers and briefly describes the risk model of using passwords to provide authorized or secure access to resources. It aims to improve end-user security by encouraging strong passwords.
M3AAWG Multifactor Authentication Recommendations
While passwords are the default solution for securing users' accounts today, they have many shortcomings and most can be easily cracked. M3AAWG believes the time has come for providers to require multifactor authentication, instead of simple passwords, to enhance protection of services with a history or substantial risk of account compromise.
In Italian-Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats
Operazione Safety-Net: Migliori pratiche per Combattere le Minacce Online, Mobili e Telefoniche - Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats (2015)
in French-M3AAWG Initial Recommendations for Using Forward Secrecy to Secure Data
Implémentation de la Forward Secrecy pour la sécurisation des échanges de données Recommandations initiales du M3AAWG – M3AAWG Initial Recommendations for Using Forward Secrecy to Secure Data (January 2016)
In Spanish-Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats
OPERACIÓN SAFETY NET MEJORES PRÁCTICAS RECOMENDADAS PARA ENFRENTAR AMENAZAS EN LÍNEA, MÓVILES Y TELEFÓNICAS Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats (2015)
in French-Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats
MEILLEURES PRATIQUES FACE AUX MENACES EN LIGNE, MOBILES ET DE TÉLÉPHONIE - Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats (2015)
M3AAWG Best Current Practices For Building and Operating a Spamtrap, Ver. 1.2.0
Updated in August 2016 as Version 1.2.0, this document is for spamtrap operators who generally use data generated from spamtraps for purposes such as research, evidence collection, infected machine mitigation or mail list leakage and list quality control.