All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
This document provides a template for designing an enforcement process to use when an organization becomes aware of objectionable content being hosted on its network and determines that it requires a takedown. This objectionable content might fall under – but may not necessarily be limited to – the organization’s policies and applicable regulations.
Many organizations and individuals register domains without an immediate intent to use these domains or to use them in a limited context. These domains (or subdomains) are not meant to send or receive email traffic. For instance, a domain can be registered to prevent a bad actor from acquiring and abusing the domain, known as a defensive registration. These domains are “parked.” In other instances, the domain or subdomain is used exclusively to contain a website with no email service enabled. This document provided general updates to the 2015 document and removed items that are no logner relevant. (pending Japanese translation update)
This document focuses on domain management. It outlines how to protect brands from threat actors who are keen to register domains that mimic a brand in order to steal information and/or assets.
This document is not legal advice. M3AAWG strongly suggests that readers work with their company’s legal counsel or avail themselves of independent legal advice regarding their rights, responsibilities and obligations relevant to prevailing legal jurisdictions.
There are a number of scenarios in which senders may be required or compelled to send a bulk message despite the fact that such messages are highly likely to exhibit poor delivery metrics such as increased bounces or complaints. These messages are not intended to be used for standard marketing or transactional notices; these are the exceptions to the rule. Prominent examples of high-risk sends would be items such as breach notifications, product recalls, health and safety notices, or other notifications that might need to be sent to individuals who have been previously been suppressed or unsubscribed.