These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
Outlining practices used during trial evaluations of messaging anti-abuse products or services, this document provides recommendations on processes and techniques to accurately determine a particular solution’s effectiveness. The March 2019 version includes recommendations affected by newer technology, such as cloud services, and other updates.
Cyber criminals are increasingly turning to Web-based messaging systems to transmit their content. Yet, there are many techniques to prevent or mitigate these attacks and this document details the Best Common Practices for protecting these messaging systems. This Version 1.1 has been updated additional suggestions for managing the collection, storage and indenxing of data, a new section on multifactor authentication and other changes.
A discussion on improving non-deliverability status notices to better identify abuse issues, this document has been updated with minor changes for clarity and to simplify the text.
To minimize the risk of active DKIM keys being compromised, they should be changed frequently. This document was updated in March 2019 and discusses why keys should be rotated, how frequently they should be rotated, and suggests the best common practices for doing so.
Flow Specification (Flowspec) is a new type of Network Layer Reachability Information (NLRI) for the BGP routing protocol. It was originally developed to help mitigate DDoS attacks but its use has expanded to numerous other applications.