All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
Many list web forms provoke an email confirmation to the subscriber's email address provided in the form but malicious entities are now using this feature to do bulk form submissions with forged addresses that flood the subscriber’s inbox. M3AAWG members collaborated across the industry to propose a header as an initial step that hosting and sending companies can implement to help protect against these attacks. The header allows receivers to identify floods of mail coming from sign-up forms that are bombarding victim mailboxes.
This document covers best practices on how to properly construct and maintain an SPF record, common errors and some unintended consequences. It is targeted at those with a basic understanding of the purpose and usage of SPF.
Many thousands of individual Distributed Denial-of-Service attacks take place each day. While many of these are relatively small, they are sufficient to take unprepared sites offline and threaten connectivity over large regions of the internet. It is in everyone’s interest to take all possible precautions to thwart these damaging DDoS attacks. This paper provides an overview of how this very common form of attack works, what measures can be taken to help eliminate it and pointers to some of the many technical documents that can provide more detail. Also see the video Understanding and Preventing Reflective DDoS Attacks with M3AAWG Senior Technical Advisor Dr. Richard Clayton of Cambridge University explaining reflective DDoS attacks and some of the actions the industry can take to protect against them.
Most users struggle to manage a large number of usernames and passwords. While password managers have both proponents and detractors, these recommendations reflect the general consensus of the industry.