San Francisco, July 31, 2014 – Responding to the billions of spam text messages sent each year, the new M3AAWG Mobile Messaging Best Practices for Service Providers just released by the Messaging, Malware and Mobile Anti-Abuse Working Group offers industry guidelines to better protect end-users. The best practices are intended to improve operator security in an increasingly open, globally interconnected messaging environment.
Faced with escalating volumes of mobile spam as the cost to send text messages continues to fall, many service providers are looking for more effective defense techniques that are also compatible with global connectivity needs. The new document, released today at the M3AAWG India Anti-Abuse Working Group meeting in New Delhi, outlines the latest approaches to curbing text, mobile and application-to-person messaging abuse, including SMS, MMS and RCS services.
“As texting becomes less expensive and more accessible with Internet technologies like text-enabled landline accounts, we’re increasingly seeing criminals turning text spam into an illicit money-making machine at the expense of consumers. Mobile abuse is rising significantly. These new best practices incorporate a decade of experience in fighting email and mobile abuse in M3AAWG and outline techniques specific to mobile messaging that can help protect service providers’ networks from being exploited,” said Alex Bobotek, M3AAWG Vice Chairman.
The best practices focus on three areas: service design practices, defensive strategies, and abuse detection and mitigation techniques. Key strategies to mitigate text message spam include making abuse less profitable, developing agile defenses and using diverse methods to increase the penetration resistance of an operator’s defenses.
Among other guidelines, the best practices recommend:
- Preventing automatic account creation and requiring secure authentication, such as a government-issued identification, when opening new end-user accounts.
- Limiting the number of messages new accounts can send at one time and monitoring the black market for the sale of bulk end-user accounts.
- Monitoring and limiting spam endorsements (spamprogration), especially when an application sends invites or suggested downloads to end-users’ contact lists without their permission.
- Providing user feedback options with a “This Is Spam” button, using the 7726 (spells “spam” on a mobile keyboard) reporting system or an alternative mechanism.
- Participating in industry abuse information-sharing forums to stay current on the latest mobile messaging attack techniques.
The M3AAWG Mobile Messaging Best Practices for Service Providers are available from the M3AAWG website at www.m3aawg.org/mobilemessagingbp.pdf or from the site’s Activities tab under the Published Documents section at http://www.m3aawg.org/published-documents.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
# # #
Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications
M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Mailchimp; Orange (NYSE and Euronext: ORA); PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; BAE Systems Detica; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Litmus; McAfee Inc.; Mimecast; Nominum, Inc.; Oracle; Proofpoint; Scality; Spamhaus; Sprint; Symantec and Twitter.
A complete member list is available at http://www.m3aawg.org/about/roster.