Home Messaging

Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.

Best Practices

PDF
February 07, 2016

M3AAWG Best Practices for Unicode Abuse Prevention

With the advent of International Domain Names, Internationalized Top-Level Domains and Email Address Internationalization there will be an increase in the legitimate usage of Unicode characters and an increase in the potential for its abuse as well. This document provides best practices to curtail the potential Unicode abuse.

PDF
February 07, 2016

M3AAWG Unicode Abuse Overview and Tutorial

Provides background on the use of Unicode characters in the abuse context with a tutorial on the options to curtail that abuse.

PDF
January 31, 2016

M3AAWG Initial Recommendations for Using Forward Secrecy to Secure Data

Opportunistic encryption is one step in protecting email traffic between messaging providers but it might not be sufficient unless forward secrecy is also employed for the connection. This document explains why forward secrecy is necessary and provides guidance for implementing it.

PDF
January 21, 2016

M3AAWG Protecting Parked Domains Best Common Practices-Updated December 2015

Many organizations and individuals register “parked” domains not meant to either send or receive email traffic. Mailbox providers can authenticate incoming email from these domains quite effectively, provided such domains have the necessary identifiers. This best practices document describes what identifiers can be used to indicate a domain or subdomain that is not meant to send or receive emails. The December 2015 version updates some industry links that changed.

PDF
July 08, 2015

M3AAWG Initial Recommendations for Addressing a Potential Man-in-the-Middle Threat

Even though opportunistic encryption protects messages during transmission from sender to receiver, it is still possible for a Man-in-the-Middle (MITM) attacker with a self-signed certificate to impersonate the intended destination. This brief document describes the MITM situation, outlines various methods bad actors can use to conduct MITM attacks, covers components for deterring these attacks and introduces DANE (DNS-based Authentication of Named Entities), a new technology to assist messaging providers in validating they are communicating with an intended destination when using SSL/TLS.

Pages

Public Policy Comments

September 12, 2011

MAAWG Comments on National Initiative for Cybersecurity Education (NICE) Draft Strategic Plan

MAAWG submitted comments in September 2011
The comments were submitted to the National Institute of Standards and Technologyon its draft NICE plan.

September 06, 2011

MAAWG Comments to UK House of Commons Inquiry into Malware and Cyber-crime

MAAWG submitted a response in September 2011 to the Science and Technology Committee, UK House of Commons
The committee's inquiry covered a variety of questions related to malware and cyber-crime.

November 13, 2010

MAAWG Response to U.S. Department of Commerce’s Internet Policy Task Force on the Global Free Flow of Information on the Internet

MAAWG comments were submitted November 2010 in response to the DoC request.
The U.S. Department of Commerce’s Internet Policy Task Force requested comments on government policies that restrict Internet information flow, seeking to understand why these restrictions have been instituted; what, if any, impact they have, and how to address negative impacts. The DoC will publish a report contributing to the Administration’s domestic policy and international engagement on these issues.

October 27, 2010

MAAWG Comments on ICANN Study on the Prevalence of Domain Names Registered Using a Privacy or Proxy Registration Service

MAAWG comments were submitted October 2010 based on the ICANN request.
ICANN conducted an exploratory study in 2009 to assess an approximate percentage of domain names (through a statistical sampling plan) contained in the top 5 gTLD registries that used privacy or proxy registration services. The study indicated that at least 18% (and probably not much more than 20%) of the domain names contained in the top 5 gTLD registries used privacy or proxy registration services.

September 30, 2010

MAAWG Letter Regarding Canadian Fighting Internet and Wireless Spam Act (FISA)

The MAAWG letter supporting elements of FISA (see www2.parl.gc.ca/Sites/LOP/LEGISINFO/index.asp?Language=E&list=agenda) was submitted September 2010.
MAAWG submitted a letter supporting the global sharing of abuse-fighting information between law enforcement that is included in Canadian Bill C-28 establishing the federal Fighting Internet and Wireless Spam Act (“FISA”).

Pages

M3AAWG Reports

DM3Z Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

There is no blog posts.

Pages

News

Articles About M3AAWG

URL
November 13, 2017

Hackers Shut Down ProPublica’s Email For a Day. Here’s How to Stop Attacks Like That.

ProPublica's Julia Angwin augments her earlier "list bomb" article with information on what can be done to prevent these attacks. 

URL
November 09, 2017

How Journalists Fought Back Against Crippling Email Bombs

ProPublica journalist Julia Angwin describes how she and colleages were "list bombed" and talks about the growing problem, including a preventive strategy developed by M3AAWG.
 

Subscribe to Subscribe to News Releases