- M3AAWG Messaging playlist on YouTube
- Selected Training Videos (also available on www.youtube.com/maawg)
- Selected Keynote Videos (also available on www.youtube.com/maawg)
1
Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
Best Practices
PDF
January 21, 2016
M3AAWG Protecting Parked Domains Best Common Practices-Updated December 2015
Many organizations and individuals register “parked” domains not meant to either send or receive email traffic. Mailbox providers can authenticate incoming email from these domains quite effectively, provided such domains have the necessary identifiers. This best practices document describes what identifiers can be used to indicate a domain or subdomain that is not meant to send or receive emails. The December 2015 version updates some industry links that changed.
PDF
July 08, 2015
M3AAWG Initial Recommendations for Addressing a Potential Man-in-the-Middle Threat
Even though opportunistic encryption protects messages during transmission from sender to receiver, it is still possible for a Man-in-the-Middle (MITM) attacker with a self-signed certificate to impersonate the intended destination. This brief document describes the MITM situation, outlines various methods bad actors can use to conduct MITM attacks, covers components for deterring these attacks and introduces DANE (DNS-based Authentication of Named Entities), a new technology to assist messaging providers in validating they are communicating with an intended destination when using SSL/TLS.
PDF
June 30, 2015
Anti-Phishing Best Practices for ISPs and Mailbox Providers, Version 2.01, June 2015
This document was jointly developed by the Anti-Phishing Working Group (APWG) and M3AAWG with technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses. It also includes practices to respond constructively when these attacks occur. Version 2.01 updates the anti-phishing best practices originally published in 2006.
PDF
June 08, 2015
Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats
Written in plain language by M3AAWG and the London Action Plan (LAP), Operation Safety-Net outlines the current and emerging threats faced by consumers, businesses and governments with recommended best practices to address these threats. For a brief overview of the document, see the brochure explaining the global depth and breadth of these best practices in the Supporting Documents section from the For the Industry menu tab.
PDF
March 16, 2015
M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers
System abuse drains time and revenue for hosting and cloud providers, who must maintain constant vigilance to make sure their systems are not compromised and ensure that their customers are vigilant. This document categorizes types of abuse, suggests appropriate responses and reviews practices for dealing with customers and complaints. It provides current best common practices in use with the hosting, DNS and domain registration provider communities.
Pages
Public Policy Comments
May 23, 2012
M3AAWG Comments on ICANN WHOIS Policy Review Team Final Report
Response to the final report from the ICANN WHOIS Policy Review Team
December 08, 2011
MAAWG Comments on Protect IP and SOPA
Submitted to U.S. Congress committees on the judiciary in December 2011
MAAWG outlined technical issues with S.968, Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, and H.R.3261, Stop Online Piracy Act, in a letter to the judiciary committees of the U.S. Senate and U.S. House of Representatives.
November 16, 2011
MAAWG Comments on the Draft Final Report of the Internationalized Registration Data Working Group
Submitted to ICANN in November 2011
Responses to ICANN on issues in the draft report covering the intrnationalization of domains can be read on the draft report comment site at http://forum.icann.org/lists/ird-draft-final-report/
November 12, 2011
MAAWG Comments on Models to Advance Voluntary Corporate Notification to Consumers Regarding the Illicit Use of Computer Equipment by Botnets and Related Malware
Submitted to NIST in November 2011- Responding to a Request for Information from the U.S. Department of Commerce (DoC) and U.S. Department of Homeland Security (DHS), the comments are also available on the NIST site.
September 12, 2011
MAAWG Comments on National Initiative for Cybersecurity Education (NICE) Draft Strategic Plan
MAAWG submitted comments in September 2011
The comments were submitted to the National Institute of Standards and Technologyon its draft NICE plan.
Pages
M3AAWG Reports
DM3Z Blog
Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group
There is no blog posts.
Pages
News
News Releases
HTML
July 18, 2012
Nominations Open at M3AAWG for New J.D. Falk Award Honoring Inventive Cyber Security Work
HTML
February 14, 2012
MAAWG Evolves into M3 Tackling Messaging, Malware, Mobile; Breaking through “Silo” Thinking, Pushes Industry to Better Cooperation
Pages
Articles About M3AAWG
URL
November 13, 2017
Hackers Shut Down ProPublica’s Email For a Day. Here’s How to Stop Attacks Like That.
ProPublica's Julia Angwin augments her earlier "list bomb" article with information on what can be done to prevent these attacks.
URL
November 09, 2017
How Journalists Fought Back Against Crippling Email Bombs
ProPublica journalist Julia Angwin describes how she and colleages were "list bombed" and talks about the growing problem, including a preventive strategy developed by M3AAWG.
Videos
