Home Best Practices

These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

February 15, 2015

M3AAWG Trust in Email Begins with Authentication

When email authentication mechanisms are applied, both the originating and receiving systems are able to correctly and reliably validate who is accountable for the message. This paper describes authentication techniques to aid in protecting business’ brands from forgery and phishing attacks and is intended for a general readership that has basic familiarity with Internet mail service. The Executive Summary also provides a one-page overview that can be used independently.

February 10, 2015

M3AAWG Disposition of Child Sexual Abuse Materials Best Common Practices

It is an unfortunate reality that Internet anti-abuse professionals are, from time to time, encountering child sexual abuse material in the course of their work. This document provides guidelines for these situations but is not legal advice. M3AAWG strongly suggests that readers work with their company’s legal counsel or avail themselves of independent legal advice regarding their rights, responsibilities and obligations relevant to prevailing legal jurisdictions.

December 01, 2014

TLS for Mail: M3AAWG Initial Recommendations

M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.

September 09, 2014

M3AAWG Policy Issues for Receiving Email in a World with IPv6 Hosts

In this paper, M3AAWG identifies some IPv6 anti-spam issues, provides recommendations to reduce abuse and offers an initial list of requirements for further technical work to address concerns within the broader Internet technical community.

August 28, 2014

M3AAWG Compromised User ID Best Practices

Addressing problems associated with compromised user accounts, this document discusses mitigation techniques and methods of identifying compromised accounts. It also includes recommendations to ensure the long-term security of accounts to prevent “re-compromise.”