Home News Updated M3AAWG Best Practices for Senders Urge Opt-In Only Mailings, Address Sender Transparency and Data Security

San Francisco, March 10, 2015 To improve the effectiveness of their campaigns, marketers should only use opt-in processes in building their lists and obtain recipients’ permission before sending messages, according to the updated M3AAWG Senders Best Common Practices, Version 3.0, released today by the Messaging, Malware and Mobile Anti-Abuse Working Group.  The revised document also recommends using technologies that provide better transparency into the originating sender to help reduce phishing attacks and addresses data security issues. 

The M3AAWG Senders Best Common Practices, Version 3.0 offers the only industry-wide recommendations based on the experience of both senders of high-volume marketing emails, such as email service providers and brands, and the network operators that deliver those messages to end users, including Internet service providers and mailbox providers.  The document reflects currently accepted industry practices to protect the email ecosystem from abuse and help bulk mail senders improve deliverability by developing marketing lists with fewer junk mail rejections, implement safer mailings, and better manage recipients’ unsubscribe requests. 

“While the laws on obtaining users’ permission to send commercial email vary around the world, these best practices are based on tangible industry experience ­– on what works and what is problematic in getting marketing emails delivered to recipients.  Laws are necessary to define what high-volume senders can and can’t do within a jurisdiction.  These best practices outline what they should do operationally to help improve email deliverability and to operate as a good citizen of the global Internet community,” said Michael Adkins, M3AAWG Chairman of the Board.

Among the recommended practices outlined in the document:

  • In building lists, marketers should never add recipients to an email list without their knowledge and permission.
  • Using a “single opt-in” process that requires recipients to check a box or otherwise proactively request commercial emails from the sender is acceptable.  However, the best option is a “double opt-in” process that involves sending recipients a confirmation message with a link or other instructions to verify they want to be added to the list before sending any marketing messages.
  • Email appending or “epending,” the illicit process of taking known demographic information and using various methods to determine an end user’s email address, is never acceptable.
  • Unsubscribing from a list should be simple and direct.  The recipient’s email address and the specified subscribed list should be built into the unsubscribe link in a message or included on a self-serve subscription management website, among other acceptable methods.
  • Data security procedures should be not be overlooked simply because a list might only contain email addresses; reliable names and addresses are highly valuable to cybercriminals.
  • Sender transparency, or clearly indicating who is responsible for sending the message, is critical to identifying and reducing messaging abuse.  Senders need to maintain current IP and domain information in WHOIS, an Internet directory widely referenced by network operators for crucial information about the sender of a message.  Email authentication technical specifications such as DKIM and DMARC also help ISPs identify phishing emails; i.e., fraudulent messages that appear to come from recognizable brands or organizations but are intended to steal end users’ personal information.

The revised Version 3.0 of the M3AAWG Senders Best Common Practices provides technical details on these processes and also covers important considerations in vetting ESP customers and determining whether to use dedicated or shared IP addresses in sending their mail.  The document also delves into technical processes for choosing appropriate DNS and HELO names, handling non-deliverable messages and working with feedback loops for receiving information on complaints, and other topics.

Available on the M3AAWG website in the Best Practices section, Version 3.0 is an extensive update. It includes new technologies and methodologies that have gained acceptance in the industry since the previous document was published in 2008. 

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Pr@m3aawg.org

M3AAWG Board of Directors and Sponsors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Listrak; Mailchimp; Message Systems; Orange (NYSE and Euronext: ORA); PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; iContact/Vocus; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Level 3; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; Proofpoint; Spamhaus; Sprint; Symantec; and Twitter.

A complete member list is available at http://www.m3aawg.org/about/roster.

Exibition Type: