One important M3AAWG constituency consists of Internet service providers (ISPs), who, along with their customers, may be the primary target for spammers, malware authors, phishers and other online criminals. The documents below outline some of the recommendations that can help ISPs to beat these threats.
1. M3AAWG Disposition of Child Sexual Abuse Materials Best Common Practices
It is an unfortunate reality that Internet anti-abuse professionals are, from time to time, encountering child sexual abuse material in the course of their work. This document provides guidelines for these situations but is not legal advice.
2. M3AAWG Mobile Messaging Best Practices for Service Providers
These industry best practices are intended to help mitigate the abuse of mobile messaging (i.e., SMS, MMS and RCS), including text messaging and connected services. The guidelines outlined here will assist service providers and vendors in maintaining practical levels of trust and security across an open, globally-interconnected messaging environment.
3. M3AAWG Managing Port 25(Dec. 2005)
As many as 80% of all spam messages pass through “zombie” personal computers without the knowledge or authorization of their owners. Requiring authentication and aggregating email transmission traffic through SMTP relays is beneficial to ISPs and can offer competitive business advantages.
4. RFC 6561, Remediation of Bots in ISP Networks(March 2012)
M3AAWG published the first best practices for mitigating bot infections in residential networks in July 2009. These are now incorporated into the 2012 IETF document.
5. M3AAWG Best Practices for the Use of a Walled Garden, Version 2.0 (March 2015)
This document outlines practices ISPs can use to stop their network from being used for abusive purposes by making end-users aware of the unwanted malware residing on their personal computers.
6. M3AAWG BCP for Mitigating Abuse of Web Messaging Systems (Aug. 2010)
As spam filters have improved at blocking direct connections from spammers, cyber criminals increasingly are turning to Web-based messaging systems to transmit their content. This document describes techniques to prevent or mitigate these attacks, detailing the best practices for protecting Web-based systems.
7. M3AAWG Complaint Feedback Loop BCP (Aug. 2010)
Note: This M3AAWG best practices paper has been replaced by RFC 6449, Complaint Feedback Loop Operational Recommendations, November 2011, from the IETF. See https://tools.ietf.org/html/rfc6449
8. M3AAWG Overview of DNS Security - Port 53 Protection (June 2010)
ISPs are uniquely positioned to protect their subscribers by carefully managing access to network resources. The Domain Name System (DNS) is central to the proper functioning of virtually every Internet Protocol (IP)-based communication in every network across the Internet. Consequently, managing access to the DNS is an essential part of the overall security posture of every subscriber.