Skip to Content

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

Mar 10, 2015

Had you been in the general vicinity of the Palace Hotel in San Francisco a couple of weeks ago– say, Thursday evening, maybe just before an early dinner time – you might have heard thunderous applause spilling from the open entrance into the evening air. You might have thought an A-list celebrity had just been introduced on stage to the gathered membership of M3AAWG, as our 33rd General Meeting drew to a close.

Nope. This was a slightly bigger deal.

That evening, the M3AAWG Senders Committee announced the completion of the long-awaited, much-anticipated rewrite of the Senders' Best Common Practices. If you've already had a look at it, you might be faintly puzzled that a paper – and a pretty short one at that – might rate the kind of ovation usually reserved for actual people.

But the BCP is a special case. It has history.

The complete reboot of the BCP was a truly Herculean – and occasionally Sisyphean – effort spanning more than three years, dozens of conference calls and working sessions, and thousands of individual edits.

Any observer of the quantities of blood, sweat and tears that went into the...

best practices, Messaging, spam
Dec 19, 2014

Over the past year or so, messaging security and encryption has been increasingly in the spotlight.   We now send and receive more data over the Internet than ever before, yet until recently, email messages have been typically transmitted in clear text. This lack of encryption allows any interested party with just a little know-how and some basic equipment to potentially intercept the content therein: they can read personal information, bills, social media notices, birthday invitations, promotional material and even access pictures of loved ones or other sensitive attachments.  

In response to this threat, the first best practices document developed by the new M3AAWG Pervasive Monitoring SIG and released earlier this month outlines the immediate steps anyone operating a mail server should take to encrypt sessions used for sending email. “TLS for Mail: M3AAWG Initial Recommendations” focuses on utilizing opportunistic TLS to create secured sessions for server-to-server and intra-network communications as well as email submission from end users. These first steps are of critical importance to protecting users from unwanted eavesdropping and will...

Oct 20, 2014

M3AAWG has issued its first report examining the level of bot infections on consumer networks and the percentage of subscribers notified.  This is significant in that it is the first cooperative effort by network service providers to quantify the extent of malicious bots infecting their subscribers.  The M3AAWG Bot Metrics Report also provides data on the implementation of a portion of the Anti-Bot Code of Conduct for ISPs developed at the FCC’s Communications Security Reliability and Interoperability Council (CSRIC) under the leadership of M3AAWG Chairman Emeritus Michael O’Reirdan.

The ABCs for ISPs calls for service providers to take “meaningful action” in each of five areas:  Education, Detection, Notification, Remediation and Collaboration.  M3AAWG has promoted this effort with a dedicated page on our website listing companies that support the code (

Aug 13, 2014

M3AAWG has a long history of featuring diverse keynotes as part of its members-only meetings, with speakers ranging from noted cybersecurity journalist Brian Krebs to General David B. Warner of the U.S. Air Force Space Command (AFSC) to Canadian Privacy Commissioner Jennifer Stoddart, among others.

At the M3AAWG 30th General Meeting in San Francisco last February, members got to hear from another interesting individual, Mr. Ladar Levison. Mr. Levison was the owner/operator of a smaller, privacy-focused email service that was known as Lavabit.  You may never have heard of Lavabit, but it was an encrypted email service used by over 400,000 users, including Edward Snowden, the highly publicized NSA whistleblower.   

Mr. Levinson's keynote address tells the story of what happened to him and Lavabit when the government wanted access to one of Lavabit's customer's email at virtually any cost – including the privacy and security of over 400,000 other users of that service. It is a story that's well worth hearing, regardless of how you may feel about Edward Snowden's own disclosures.   

While many M3AAWG keynotes are limited solely to members, given public interest in all things related to Edward Snowden, M3...

Messaging, Public Policy
Jul 15, 2014

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. The nomination process is simple, open to anyone, and free of charge. To be considered for the October 2014 J. D. Falk Award, nominations must be completed by 5 September, 2014.

This year’s program marks the third presentation of the M3AAWG J. D. Falk Award. Past winners include Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (2013), and FBI Supervisory Special Agent Thomas Grasso (2012). Warner is credited with developing a university lab project into one of the world’s preeminent training programs for cyber intelligence analysts. Grasso led the DNS Changer Working Group, assembling a partnership of industry, government and academic experts to organize a response to a global malware...

Aug 12, 2013

M3AAWG was formed almost ten years ago over concerns that email, one of the Internet’s two “killer apps” at the time, might collapse due to out-of-control volumes of spam. Fortunately today, even with vastly more spam bombarding the networks, our operator members report they’re now able to stop about 90 percent of abusive messages before they reach users’ inboxes, per our email metrics reporting program.

From this real-world perspective, it has become clear that one of the most effective tools in the ongoing fight against spam and malware has been the voluntary adoption of the proven methodologies outlined in industry best practices.  The Internet community’s greatest resource in confronting online threats has always been the dedicated, unsung heroes who successfully battle spammers and other cybercriminals as part of their daily jobs then come together in associations like M3AAWG to share and distribute their knowledge in these documents and white papers.  Like many industry organizations, we have worked hard to foster a trusted, vetted environment suitable for sharing timely threat information and have developed a process to distill industry experience on what works and what doesn’t,...

Public Policy, spam
Syndicate content