Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
M3AAWG outlines the key characteristics of traffic analysis attacks, discusses potential ways to avoid them, and considers the advantages and disadvantages of deploying preventative measures.
With the advent of International Domain Names, Internationalized Top-Level Domains and Email Address Internationalization there will be an increase in the legitimate usage of Unicode characters and an increase in the potential for its abuse as well. This document provides best practices to curtail the potential Unicode abuse.
Provides background on the use of Unicode characters in the abuse context with a tutorial on the options to curtail that abuse.
Opportunistic encryption is one step in protecting email traffic between messaging providers but it might not be sufficient unless forward secrecy is also employed for the connection. This document explains why forward secrecy is necessary and provides guidance for implementing it.
Many organizations and individuals register “parked” domains not meant to either send or receive email traffic. Mailbox providers can authenticate incoming email from these domains quite effectively, provided such domains have the necessary identifiers. This best practices document describes what identifiers can be used to indicate a domain or subdomain that is not meant to send or receive emails. The December 2015 version updates some industry links that changed.
Public Policy Comments
MAAWG Comments on ICANN Study on the Prevalence of Domain Names Registered Using a Privacy or Proxy Registration Service
MAAWG comments were submitted October 2010 based on the ICANN request.
ICANN conducted an exploratory study in 2009 to assess an approximate percentage of domain names (through a statistical sampling plan) contained in the top 5 gTLD registries that used privacy or proxy registration services. The study indicated that at least 18% (and probably not much more than 20%) of the domain names contained in the top 5 gTLD registries used privacy or proxy registration services.
The MAAWG letter supporting elements of FISA (see www2.parl.gc.ca/Sites/LOP/LEGISINFO/index.asp?Language=E&list=agenda) was submitted September 2010.
MAAWG submitted a letter supporting the global sharing of abuse-fighting information between law enforcement that is included in Canadian Bill C-28 establishing the federal Fighting Internet and Wireless Spam Act (“FISA”).
MAAWG comments were submitted to the Department of Commerce’s request in September 2010. The DoC site has all submitted comments.
The Department of Commerce’s Internet Policy Task Force undertook a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department was seeking comments on measures to improve cybersecurity while sustaining innovation.
MAAWG comments were submitted in response to U.S. Federal Communications Commission recommendations in September 2010.
The U.S. FCC’s Public Safety and Homeland Security Bureau (PSHSB) requested comment on the creation of a Cybersecurity Roadmap. The plan would identify vulnerabilities to communications networks or end-users and develop countermeasures and solutions in preparation for, and response to, cyber threats and attacks in coordination with federal partners.
MAAWG offered comments on the U.S. Department of Homeland Security’s strategy in July 2010
The U.S. Department of Homeland Security’s draft plan is focused on maintaining a secure cyberspace, which is critical to the health of the economy and national security. It outlines how the federal government might address the recent and alarming rise in online fraud, identity theft, and misuse of information online.
Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group
None at this time.
Incoming State Attorneys General Association President McKenna and FTC Consumer Protection Director Vladeck To Address Online Protection at MAAWG; Global Gathering Tackles Cybersecurity Policy, Technology, Mobile and Social Platforms
MAAWG Develops First Industry Best Practices for Protecting Web Messaging Consumers; Also Issues Practices for Email Complaint Feedback Loops and Evaluating Anti-Abuse Products for Email Operators
Facebook and Tata Communications Join MAAWG Board of Directors; Will Fight Spam and Online Abuse with Global Industry Organization
MAAWG Provides Free Messaging Security Training: Releases DKIM Implementation Tutorial By Leading Experts, Invites Industry to Previously Closed Training Courses
Articles About M3AAWG
EXPERTS TO FCC: CHANGE COURSE ON BROADBAND PRIVACY RULES INDUSTRY GROUPS AND EXPERTS AGREE: THE FCC MUST CHANGE COURSE ON BROADBAND PRIVACY
Fixed Wireless Internet Service Providers Association
"A coalition of industry groups including WISPA, CTA, CTIA, and US Telecom today published a joint article in opposition to the FCC’s proposed new rules for broadband privacy protection . . . The Messaging, Malware and Mobile Anti-Abuse Working Group similarly warned that the rules as currently framed could inadvertently undermine cooperation and communication needed to secure the web from malware, viruses and hackers online. . . "