Home Best Practices

These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

June 01, 2018

A M3AAWG Introduction to Addressing Malicious Domain Registrations

This document focuses on defining malicious domain names and provides a non-exhaustive list of possible actions that can be taken to address them.

May 01, 2018

M3AAWG Recommendations: Methods for Sharing Dynamic IP Address Space Information with Others-Updated May 2018 (2008)

Although M3AAWG recommends blocking outbound port 25 traffic as the best option for controlling the flow of unwanted email traffic from an ISP’s customer space, such blocks may not always be possible, either for the short or long term. This document offers some alternatives for these ISPs by describing methods they can use to share their dynamic space information with others and allow remote sites to reject inbound mail traffic from dynamic address space.

March 01, 2018

M3AAWG Compromised User ID Best Practices, Version 1.0.1

Updated in March 2018, this document addresses problems associated with compromised user accounts. It discusses mitigation techniques and methods of identifying compromised accounts, including recommendations to ensure the long-term security of accounts to prevent “re-compromise.”

February 28, 2018

M3AAWG Help – I’m On A Blocklist, version 1.0.1

Nearly all email systems, including those of Email Sender Providers and network operators, at some point have delivery issues because their sending IPs or domains are on a blocklist. This document shares established procedures defining how to triage and respond to a blocklisting to assist in a timely and effective resolution.  Version 1.0.1 was updated in February 2018.

January 31, 2018

M3AAWG Recommendations for Preserving Investments in New Generic Top-Level Domains (gTLDs)

Over a thousand new generic Top-Level Domains (gTLDs) have been, or are in, the process of being created under ICANN’s new gTLD program.  This paper is written for current Registry operators and for companies interested in applying for new gTLDs, and outlines the risks and some relatively simple recommendations that can help correct these problems.