[Author’s note: As I write this in October, the second massive denial of service attack in two weeks threatening to take down significant sections of the internet has just ended. Could full implementation of Operation Safety-Net have prevented this?- M3AAWG Messaging playlist on YouTube
- Selected Training Videos (also available on www.youtube.com/maawg)
- Selected Keynote Videos (also available on www.youtube.com/maawg)
1
Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
Best Practices
PDF
June 05, 2019
M3AAWG Position on Selling Email Address Lists, Version 1.01
It is the position of M3AAWG that third-party email list sales and purchases are abusive practices and that sending to purchased lists is also abusive, whether B2C, B2B or another objective.
PDF
May 06, 2019
LACNOG-M3AAWG Joint Best Current Operational Practices on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition
This document identifies a minimum set of security requirements that should be specified when ISPs purchase customer premise equipment to ensure that the CPE has a secure default configuration and a secure remote management and update mechanism. These joint best practices were developed by LACNOG (Latin American and Caribbean Network Operators Group) and M3AAWG, and is the product of LACNOG's original drafts by its working groups LAC-AAWG (Latin American and Caribbean Anti-Abuse Working Group) and BCOP Working Group, in cooperation with M3AAWG members, Senior Technical Advisors and the M3AAWG Technical Committee.
PDF
March 31, 2019
Configuring Human Readable Delivery Status Notifications (DSN), updated 2019
A discussion on improving non-deliverability status notices to better identify abuse issues, this document has been updated with minor changes for clarity and to simplify the text.
PDF
March 31, 2019
M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1
Cyber criminals are increasingly turning to Web-based messaging systems to transmit their content. Yet, there are many techniques to prevent or mitigate these attacks and this document details the Best Common Practices for protecting these messaging systems. This Version 1.1 has been updated additional suggestions for managing the collection, storage and indenxing of data, a new section on multifactor authentication and other changes.
PDF
March 31, 2019
M3AAWG Email Anti-Abuse Product Evaluation Best Current Practices, Updated March 2019
Outlining practices used during trial evaluations of messaging anti-abuse products or services, this document provides recommendations on processes and techniques to accurately determine a particular solution’s effectiveness. The March 2019 version includes recommendations affected by newer technology, such as cloud services, and other updates.
Pages
Public Policy Comments
April 05, 2019
Comments Pertaining to the Domain Abuse Activity Reporting (DAAR) System
M3AAWG submitted comments to ICANN on April 5, 2019 asking that additional actionable information be included in the DAAR system. The comments are listed on the ICANN correspondence website at https://www.icann.org/resources/pages/correspondence.
October 18, 2018
ICANN GDPR and WHOIS Users Survey
A joint survey conducted by the Anti-Phishing Working Group (APWG) and M3AAWG looks at how cyber investigators use WHOIS data and how the European Union’s General Data Protection Regulation (GDPR) has affected their anti-abuse efforts. The letter from M3AAWG and survey are also available on the ICANN site at https://www.icann.org/en/system/files/correspondence/upton-to-marby-et-a...
April 25, 2018
Temporary Access Method for Non-Public Whois Data, and accompanying accreditation policy points
Submitted jointly by the Anti-Phishing Working Group (APWG), M3aawg and First, this document describes a short-term method for authorized parties to access non-public WHOIS data via designated IP addresses.
April 13, 2018
WHOIS Tiered Access and Accreditation Program
M3AAWG submitted these short comments to ICANN stating that an expert group from the Anti-Abuse community should be created to facilitate the certification of qualified applicants from the security field.
March 27, 2018
Engaging the FTC on Web Host Security Tips for Small Businesses
M3AAWG issued this joint letter with the i2Coaition to engage the FTC on web hosting security for small businesses. The letter was sent to the U.S. Federal Trade Commission on March 26, 2018.
Pages
M3AAWG Reports
M3AAWG Email Metrics Report
Pages
DM3Z Blog
News
News Releases
HTML
May 30, 2019
Minimum Home Router Security Recommendations Defined in New Joint LACNOG and M3AAWG Best Practices
HTML
February 18, 2019
Dave Piscitello Receives M3AAWG Mary Litynski Award for a Lifetime of Fighting DNS and Online Abuse
HTML
October 31, 2018
First Japan Anti-Abuse Working Group General Meeting Shares M3AAWG Work with Emphasis on Regional Issues
Pages
Articles About M3AAWG
PDF
October 30, 2018
Policy eliminates pre-emptive protection of internet infrastructure abuse
Networks Asia - Security Asia
https://www.networksasia.net/article/policy-eliminates-pre-emptive-prote...
A joint APWG-M3AAWG survey of cybercrime responders and anti-abuse personnel indicates ICANN’s Temporary Specification for domain name WHOIS data has eliminated interventions that previously allowed investigators to stop new cybercrimes while still in the preparatory stages -- and has markedly impeded routine mitigations for many kinds of cybercrimes.
URL
October 25, 2018
How Do You Fight a $12B Fraud Problem? One Scammer at a Time
https://krebsonsecurity.com/2018/10/how-do-you-fight-a-12b-fraud-problem...
Brian Krebs interviewed Ronnie Tokazowski, founder of the private BEC List that received the 2018 JD Falk Award, on Business Email Compromise and the list's cooperative fight to protect end-users.
PDF
October 09, 2018
Group recognized for efforts thwart Nigerian email scams
https://thehill.com/policy/cybersecurity/410603-private-group-recognized...
Coverage of the BEC List fighting online fraud and the M3AAWG 2018 JD Falk Award it received.
URL
June 20, 2018
The History of Email with Dave Crocker, Part 2
https://thenetworkcollective.com/2018/06/hon-email-part-2/
In 1990, an unresolvable debate over how to expand email beyond ASCII text spawned two separate working groups and is a rare example of how staunchly competitive tech groups unintentionally ended up collaborating to create something important that went beyond the original objective. The result: multimedia email, according to M3AAWG Senior Technical Advisor Dave Crocker in part 2 of his Network Collective podcast on the history of email.
PDF
November 13, 2017
Hackers Shut Down ProPublica’s Email For a Day. Here’s How to Stop Attacks Like That.
ProPublica's Julia Angwin augments her earlier "list bomb" article with information on what can be done to prevent these attacks.
Pages
Videos
