Home Best Practices

These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

May 18, 2023

M3AAWG Present and Future of the Public Suffix List

This document describes the PSL, explains its current strengths and limitations, and outlines some possible future enhancements. Most importantly, though, the community must step up and help to make sure it continues to exist. 

May 12, 2023

M3AAWG Ransomware Active Attack Response Best Common Practices

This document addresses the options available if you realize that you are a victim of a Ransomware attack. It explains how to consider risks and alternatives in resolving the recovery and supporting continuity for your business, and how to tackle those issues. 

February 10, 2023

M3AAWG Help! I Hit a Spam Trap!

The Senders Committee has created this document in an effort to help Email Service Providers (ESPs) mitigate the consequences of hitting spam traps. The document provides details on what spam traps are, the impact they have on mailings, and includes suggestions on ways to use spam trap feedback to improve customers’ sending practices, thereby minimizing future spam trap hits. In this document, “customer” refers to the organization using the ESP to send emails. 

September 19, 2022

M3AAWG Objectionable Content Takedown Template

(M3AAWG Objectionable Content Takedown Template Checklist)

(M3AAWG Objectionable Content Takedown Diagram - Download to Personalize)

This document provides a template for designing an enforcement process to use when an organization becomes aware of objectionable content being hosted on its network and determines that it requires a takedown. This objectionable content might fall under – but may not necessarily be limited to – the organization’s policies and applicable regulations.

June 27, 2022

M3AAWG Protecting Parked Domains Best Common Practices Update 2022-06

Many organizations and individuals register domains without an immediate intent to use these domains or to use them in a limited context. These domains (or subdomains) are not meant to send or receive email traffic. For instance, a domain can be registered to prevent a bad actor from acquiring and abusing the domain, known as a defensive registration. These domains are “parked.” In other instances, the domain or subdomain is used exclusively to contain a website with no email service enabled. This document provided general updates to the 2015 document and removed items that are no logner relevant.   (pending Japanese translation update)