Best Practices

System abuse drains time and revenue for hosting and cloud providers, who must maintain constant vigilance to make sure their systems are not compromised and ensure that their customers are vigilant. This document categorizes types of abuse, suggests appropriate responses and reviews practices for dealing with customers and complaints. It provides current best common practices in use with the hosting, DNS and domain registration provider communities.

These updated best practices outline the criteria for exit, entry, remediation and subscriber education when using a walled garden to remediate virus and bot infections in subscriber devices.

Forwarding is quite popular among users who have multiple email accounts they prefer to manage centrally. This updated M3AAWG best practices document includes measures that can be adopted by email volume forwarders and the receivers of forwarded email to mitigate spam-related concerns specific to forwarding email addresses.

This document gives an overview of the current best common practices for sending commercial electronic messaging, focusing on the technical and practical policy aspects of these operations. The goal of these practices is to promote and enhance the transparency of senders maintaining legitimate messaging so that both individual recipients and mailbox providers are more easily able to distinguish legitimate messaging from messaging abuse.

When email authentication mechanisms are applied, both the originating and receiving systems are able to correctly and reliably validate who is accountable for the message. This paper describes authentication techniques to aid in protecting business’ brands from forgery and phishing attacks and is intended for a general readership that has basic familiarity with Internet mail service. The Executive Summary also provides a one-page overview that can be used independently.

M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.

In this paper, M3AAWG identifies some IPv6 anti-spam issues, provides recommendations to reduce abuse and offers an initial list of requirements for further technical work to address concerns within the broader Internet technical community.

Honeypots are a proven technology used for detecting and understanding online threats that also can be used to fight telephony spam. This document was written to facilitate and encourage telephony honeypot development, as well as the use and sharing of information about and from those honeypots. It includes an overview of the benefits of such honeypots and also provides details of the various options that exist for setting them up.

Just as speaking a common language allows two people to communicate effectively, standards that define the format of abuse reports and the destination address for them increase the effectiveness of network owners in fighting abusive traffic.

Provides guidance for system operators, network designers, security professionals and Internet Service Providers about potential issues associated with Large Scale Network Address Translation systems.