Home Best Practices

These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

February 21, 2022

M3AAWG Brand Protection Kit Domain Management

This document focuses on domain management. It outlines how to protect brands from threat actors who are keen to register domains that mimic a brand in order to steal information and/or assets. 

September 13, 2021

M3AAWG Disposition of Child Sexual Abuse Materials Best Common Practices

This document is not legal advice. M3AAWG strongly suggests that readers work with their company’s legal counsel or avail themselves of independent legal advice regarding their rights, responsibilities and obligations relevant to prevailing legal jurisdictions.

December 14, 2020

M3AAWG Best Practices for Sending Mandated Emails to Large Audiences

There are a number of scenarios in which senders may be required or compelled to send a bulk message despite the fact that such messages are highly likely to exhibit poor delivery metrics such as increased bounces or complaints. These messages are not intended to be used for standard marketing or transactional notices; these are the exceptions to the rule. Prominent examples of high-risk sends would be items such as breach notifications, product recalls, health and safety notices, or other notifications that might need to be sent to individuals who have been previously been suppressed or unsubscribed.

November 09, 2020

Exploring the Impact of Nonhuman Interactions on Email Send Metrics

Received email may not be handled only by a human. It may be partially or even fully handled by a software program. The purpose of this document is to offer guidance to marketing and sales staff about the way that nonhuman interactions (NHI, also known as “automated clicks”) affect the performance metrics of their email messages and reporting systems. This document is not intended to solve issues, but rather to provide insights into the effects of NHI and offer some best practices for senders.

September 01, 2020

M3AAWG Email Authentication Recommended Best Practices

This document recommends a set of best practices for authenticating email messages using the security protocols Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), Domain-based Message Authentication, Reporting & Conformance) DMARC and Authenticated Received Chain (ARC). (Another security protocol, SMTP authentication, meaning the presentation of credentials during the submission of a message by a Mail User Agent (MUA) or Mail Submission Agent (MSA) to a Mail Transfer Agent (MTA) serves a different purpose and is outside the scope of this document.)