Skip to Content

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

Dec 18, 2014

Over the past year or so, messaging security and encryption has been increasingly in the spotlight.   We now send and receive more data over the Internet than ever before, yet until recently, email messages have been typically transmitted in clear text. This lack of encryption allows any interested party with just a little know-how and some basic equipment to potentially intercept the content therein: they can read personal information, bills, social media notices, birthday invitations, promotional material and even access pictures of loved ones or other sensitive attachments.  

In response to this threat, the first best practices document developed by the new M3AAWG Pervasive Monitoring SIG and released earlier this month outlines the immediate steps anyone operating a mail server should take to encrypt sessions used for sending email. “TLS for Mail: M3AAWG Initial Recommendations” focuses on utilizing opportunistic TLS to create secured sessions for server-to-server and intra-network communications as well as email submission from end users. These first steps are of critical importance to protecting users from unwanted eavesdropping and will...

Oct 20, 2014

M3AAWG has issued its first report examining the level of bot infections on consumer networks and the percentage of subscribers notified.  This is significant in that it is the first cooperative effort by network service providers to quantify the extent of malicious bots infecting their subscribers.  The M3AAWG Bot Metrics Report also provides data on the implementation of a portion of the Anti-Bot Code of Conduct for ISPs developed at the FCC’s Communications Security Reliability and Interoperability Council (CSRIC) under the leadership of M3AAWG Chairman Emeritus Michael O’Reirdan.

The ABCs for ISPs calls for service providers to take “meaningful action” in each of five areas:  Education, Detection, Notification, Remediation and Collaboration.  M3AAWG has promoted this effort with a dedicated page on our website listing companies that support the code (

Aug 13, 2014

M3AAWG has a long history of featuring diverse keynotes as part of its members-only meetings, with speakers ranging from noted cybersecurity journalist Brian Krebs to General David B. Warner of the U.S. Air Force Space Command (AFSC) to Canadian Privacy Commissioner Jennifer Stoddart, among others.

At the M3AAWG 30th General Meeting in San Francisco last February, members got to hear from another interesting individual, Mr. Ladar Levison. Mr. Levison was the owner/operator of a smaller, privacy-focused email service that was known as Lavabit.  You may never have heard of Lavabit, but it was an encrypted email service used by over 400,000 users, including Edward Snowden, the highly publicized NSA whistleblower.   

Mr. Levinson's keynote address tells the story of what happened to him and Lavabit when the government wanted access to one of Lavabit's customer's email at virtually any cost – including the privacy and security of over 400,000 other users of that service. It is a story that's well worth hearing, regardless of how you may feel about Edward Snowden's own disclosures.   

While many M3AAWG keynotes are limited solely to members, given public interest in all things related to Edward Snowden, M3...

Messaging, Public Policy
Jul 15, 2014

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. The nomination process is simple, open to anyone, and free of charge. To be considered for the October 2014 J. D. Falk Award, nominations must be completed by 5 September, 2014.

This year’s program marks the third presentation of the M3AAWG J. D. Falk Award. Past winners include Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (2013), and FBI Supervisory Special Agent Thomas Grasso (2012). Warner is credited with developing a university lab project into one of the world’s preeminent training programs for cyber intelligence analysts. Grasso led the DNS Changer Working Group, assembling a partnership of industry, government and academic experts to organize a response to a global malware...

Aug 11, 2013

M3AAWG was formed almost ten years ago over concerns that email, one of the Internet’s two “killer apps” at the time, might collapse due to out-of-control volumes of spam. Fortunately today, even with vastly more spam bombarding the networks, our operator members report they’re now able to stop about 90 percent of abusive messages before they reach users’ inboxes, per our email metrics reporting program.

From this real-world perspective, it has become clear that one of the most effective tools in the ongoing fight against spam and malware has been the voluntary adoption of the proven methodologies outlined in industry best practices.  The Internet community’s greatest resource in confronting online threats has always been the dedicated, unsung heroes who successfully battle spammers and other cybercriminals as part of their daily jobs then come together in associations like M3AAWG to share and distribute their knowledge in these documents and white papers.  Like many industry organizations, we have worked hard to foster a trusted, vetted environment suitable for sharing timely threat information and have developed a process to distill industry experience on what works and what doesn’t,...

Public Policy, spam
Jul 11, 2013
Suresh Ramasubramanian's picture

Concerned about malware and spam in India, one of the fasting growing online markets in the world?  Do you have connections with Internet companies in the region or are you associated with an Internet company in India? 

We invite you and your colleagues to the latest Indian Anti-Abuse Working Meeting on August 4 in Mumbai, India, hosted by M3AAWG with sponsorship from Afilias.  This is the second in a (hopefully) long series of working meetings where we at M3AAWG plan to engage closely with our counterparts in the Indian messaging, ISP, data center, cellular carrier and email marketer industries.

The upcoming M3AAWG meeting will be held back-to-back with SANOG (, the largest ISP network operations conference in the South Asian region.  We have an agenda that is being actively developed and includes speakers such as:

·   Animesh Bansriyar, Cloudmark Security Architect, presenting on mobile anti-abuse mitigation...

Syndicate content