These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
Flow Specification (Flowspec) is a new type of Network Layer Reachability Information (NLRI) for the BGP routing protocol. It was originally developed to help mitigate DDoS attacks but its use has expanded to numerous other applications.
In marketing terms, “appending” – also known as "e-appending" or "e-pending" – is the practice of taking demographic information known (or assumed) to be related to a particular customer and matching it with other data. It is the position of M3AAWG that this is an abusive messaging practice. The January 2019 Version 1.0.1 is updated to include the European Union's GDPR and CASL.
Phishing continues to be a significant problem for hosting companies, mailbox providers, brand owners and, of course, for every internet user. This document iinforms all of these groups on the best current practices for reporting phishing URLs.
This document focuses on defining malicious domain names and provides a non-exhaustive list of possible actions that can be taken to address them.
M3AAWG Recommendations: Methods for Sharing Dynamic IP Address Space Information with Others-Updated May 2018 (2008)
Although M3AAWG recommends blocking outbound port 25 traffic as the best option for controlling the flow of unwanted email traffic from an ISP’s customer space, such blocks may not always be possible, either for the short or long term. This document offers some alternatives for these ISPs by describing methods they can use to share their dynamic space information with others and allow remote sites to reject inbound mail traffic from dynamic address space.