Home Messaging

Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.

Best Practices

PDF
July 08, 2015

M3AAWG Initial Recommendations for Addressing a Potential Man-in-the-Middle Threat

Even though opportunistic encryption protects messages during transmission from sender to receiver, it is still possible for a Man-in-the-Middle (MITM) attacker with a self-signed certificate to impersonate the intended destination. This brief document describes the MITM situation, outlines various methods bad actors can use to conduct MITM attacks, covers components for deterring these attacks and introduces DANE (DNS-based Authentication of Named Entities), a new technology to assist messaging providers in validating they are communicating with an intended destination when using SSL/TLS.

PDF
June 30, 2015

Anti-Phishing Best Practices for ISPs and Mailbox Providers, Version 2.01, June 2015

This document was jointly developed by the Anti-Phishing Working Group (APWG) and M3AAWG with technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses.  It also includes practices to respond constructively when these attacks occur. Version 2.01 updates the anti-phishing best practices originally published in 2006.

PDF
June 08, 2015

Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats

Written in plain language by M3AAWG and the London Action Plan (LAP), Operation Safety-Net outlines the current and emerging threats faced by consumers, businesses and governments with recommended best practices to address these threats. For a brief overview of the document, see the brochure explaining the global depth and breadth of these best practices in the Supporting Documents section from the For the Industry menu tab.

PDF
March 16, 2015

M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

System abuse drains time and revenue for hosting and cloud providers, who must maintain constant vigilance to make sure their systems are not compromised and ensure that their customers are vigilant. This document categorizes types of abuse, suggests appropriate responses and reviews practices for dealing with customers and complaints. It provides current best common practices in use with the hosting, DNS and domain registration provider communities.

PDF
March 13, 2015

M3AAWG Best Common Practices for the Use of a Walled Garden, Version 2.0

These updated best practices outline the criteria for exit, entry, remediation and subscriber education when using a walled garden to remediate virus and bot infections in subscriber devices.

Pages

Public Policy Comments

September 17, 2010

MAAWG Comments on National Broadband Plan Recommendation to Create a Cybersecurity Roadmap

MAAWG comments were submitted in response to U.S. Federal Communications Commission recommendations in September 2010.
The U.S. FCC’s Public Safety and Homeland Security Bureau (PSHSB) requested comment on the creation of a Cybersecurity Roadmap. The plan would identify vulnerabilities to communications networks or end-users and develop countermeasures and solutions in preparation for, and response to, cyber threats and attacks in coordination with federal partners.

September 17, 2010

MAAWG Comments on Department of Commerce Cybersecurity, Innovation and the Internet Economy

MAAWG comments were submitted to the Department of Commerce’s request in September 2010. The DoC site has all submitted comments.
The Department of Commerce’s Internet Policy Task Force undertook a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department was seeking comments on measures to improve cybersecurity while sustaining innovation.

July 19, 2010

MAAWG Response to National Strategy for Trusted Identities in Cyberspace

MAAWG offered comments on the U.S. Department of Homeland Security’s strategy in July 2010
The U.S. Department of Homeland Security’s draft plan is focused on maintaining a secure cyberspace, which is critical to the health of the economy and national security. It outlines how the federal government might address the recent and alarming rise in online fraud, identity theft, and misuse of information online.

March 31, 2010

MAAWG Comments on ARIN Draft Policy 2010-3 “Customer Confidentiality”

MAAWG submitted comments in March 2010. As recommended by MAAWG and others, ARIN changed course on this topic.
The initial draft policy would have allowed ISPs to hide the true customer of a domain name. The revised Version 2 policy that was implemented recognized the need for the customer name to remain in the SWIP and RWHOIS information.

Pages

M3AAWG Reports

DM3Z Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

There is no blog posts.

Pages

News

Articles About M3AAWG

PDF
June 08, 2016

EXPERTS TO FCC: CHANGE COURSE ON BROADBAND PRIVACY RULES INDUSTRY GROUPS AND EXPERTS AGREE: THE FCC MUST CHANGE COURSE ON BROADBAND PRIVACY

Fixed Wireless Internet Service Providers Association 

http://www.wispa.org/News/wispa_news_06-08-16_Experts_to_FCC

"A coalition of industry groups including WISPA, CTA, CTIA, and US Telecom today published a joint article in opposition to the FCC’s proposed new rules for broadband privacy protection . . . The Messaging, Malware and Mobile Anti-Abuse Working Group similarly warned that the rules as currently framed could inadvertently undermine cooperation and communication needed to secure the web from malware, viruses and hackers online. . . "

Pages

Subscribe to Subscribe to News Releases