Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
This document gives an overview of the current best common practices for sending commercial electronic messaging, focusing on the technical and practical policy aspects of these operations. The goal of these practices is to promote and enhance the transparency of senders maintaining legitimate messaging so that both individual recipients and mailbox providers are more easily able to distinguish legitimate messaging from messaging abuse.
M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.
M3AAWG Network Address Translation Best Practices: The Implications of Large Scale NAT for Security Logging
Provides guidance for system operators, network designers, security professionals and Internet Service Providers about potential issues associated with Large Scale Network Address Translation systems.
ESPs take on significant risk every time a new customer sends email. A bad client can undermine the sending reputation for the ESP’s other clients as well as inflict abuse at recipient domains. This paper reviews some vetting practices to avoid these problems.
This paper briefly discusses how an DNS attack works, the impact of this threat, proposes a solution and discusses the advantages and disadvantages from a technical, business and regulatory standpoint
Public Policy Comments
MAAWG comments were submitted in response to U.S. Federal Communications Commission recommendations in September 2010.
The U.S. FCC’s Public Safety and Homeland Security Bureau (PSHSB) requested comment on the creation of a Cybersecurity Roadmap. The plan would identify vulnerabilities to communications networks or end-users and develop countermeasures and solutions in preparation for, and response to, cyber threats and attacks in coordination with federal partners.
MAAWG comments were submitted to the Department of Commerce’s request in September 2010. The DoC site has all submitted comments.
The Department of Commerce’s Internet Policy Task Force undertook a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department was seeking comments on measures to improve cybersecurity while sustaining innovation.
MAAWG offered comments on the U.S. Department of Homeland Security’s strategy in July 2010
The U.S. Department of Homeland Security’s draft plan is focused on maintaining a secure cyberspace, which is critical to the health of the economy and national security. It outlines how the federal government might address the recent and alarming rise in online fraud, identity theft, and misuse of information online.
MAAWG submitted comments in March 2010. As recommended by MAAWG and others, ARIN changed course on this topic.
The initial draft policy would have allowed ISPs to hide the true customer of a domain name. The revised Version 2 policy that was implemented recognized the need for the customer name to remain in the SWIP and RWHOIS information.
MAAWG Hosts GSMA Security Group in Europe Industry Meeting Attacks Spam Across Platforms, Promotes International, Industry-wide Cooperation
Consumers Don’t Relate Bot Infections to Risky Behavior As Millions Continue to Click on Spam; MAAWG 2010 Email Security Consumer Survey Expands to North America and Western Europe
Articles About M3AAWG
ProPublica's Julia Angwin augments her earlier "list bomb" article with information on what can be done to prevent these attacks.
ProPublica journalist Julia Angwin describes how she and colleages were "list bombed" and talks about the growing problem, including a preventive strategy developed by M3AAWG.