Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
This document gives an overview of the current best common practices for sending commercial electronic messaging, focusing on the technical and practical policy aspects of these operations. The goal of these practices is to promote and enhance the transparency of senders maintaining legitimate messaging so that both individual recipients and mailbox providers are more easily able to distinguish legitimate messaging from messaging abuse.
M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.
M3AAWG Network Address Translation Best Practices: The Implications of Large Scale NAT for Security Logging
Provides guidance for system operators, network designers, security professionals and Internet Service Providers about potential issues associated with Large Scale Network Address Translation systems.
ESPs take on significant risk every time a new customer sends email. A bad client can undermine the sending reputation for the ESP’s other clients as well as inflict abuse at recipient domains. This paper reviews some vetting practices to avoid these problems.
This paper briefly discusses how an DNS attack works, the impact of this threat, proposes a solution and discusses the advantages and disadvantages from a technical, business and regulatory standpoint
Public Policy Comments
MAAWG submitted comments in March 2010. As recommended by MAAWG and others, ARIN changed course on this topic.
The initial draft policy would have allowed ISPs to hide the true customer of a domain name. The revised Version 2 policy that was implemented recognized the need for the customer name to remain in the SWIP and RWHOIS information.
Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group
None at this time.
MAAWG Hosts GSMA Security Group in Europe Industry Meeting Attacks Spam Across Platforms, Promotes International, Industry-wide Cooperation
Consumers Don’t Relate Bot Infections to Risky Behavior As Millions Continue to Click on Spam; MAAWG 2010 Email Security Consumer Survey Expands to North America and Western Europe
Articles About M3AAWG
Representatives of the United Kingdom's independent authority set up to uphold information rights in the public interest report on their work with members of UCENet at a four day event hosted by the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) in Paris.
. . . dealt with by internet governance organisations such as ICANN (Internet Corporation for Assigned Names and Numbers), the UN-backed Internet Governance Forum, Internet Engineering Task Force, and the Messaging Anti Abuse Working Group.
". . . I plan to take advantage of the opportunity to network with first responders, law enforcement and cybercrime forensic professionals from Europe and Eastern Europe. APWG and similar conferences (e.g., Messaging, Malware and Mobile Anti–Abuse Working Group – M3AAWG) are venues where the IS SSR team is most successful in building trust relationships and promoting participation in ICANN's multistakeholder community."
EXPERTS TO FCC: CHANGE COURSE ON BROADBAND PRIVACY RULES INDUSTRY GROUPS AND EXPERTS AGREE: THE FCC MUST CHANGE COURSE ON BROADBAND PRIVACY
Fixed Wireless Internet Service Providers Association
"A coalition of industry groups including WISPA, CTA, CTIA, and US Telecom today published a joint article in opposition to the FCC’s proposed new rules for broadband privacy protection . . . The Messaging, Malware and Mobile Anti-Abuse Working Group similarly warned that the rules as currently framed could inadvertently undermine cooperation and communication needed to secure the web from malware, viruses and hackers online. . . "