Home Best Practices

These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

PDF
March 16, 2015

M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

System abuse drains time and revenue for hosting and cloud providers, who must maintain constant vigilance to make sure their systems are not compromised and ensure that their customers are vigilant. This document categorizes types of abuse, suggests appropriate responses and reviews practices for dealing with customers and complaints. It provides current best common practices in use with the hosting, DNS and domain registration provider communities.

PDF
March 13, 2015

M3AAWG Best Common Practices for the Use of a Walled Garden, Version 2.0

These updated best practices outline the criteria for exit, entry, remediation and subscriber education when using a walled garden to remediate virus and bot infections in subscriber devices.

PDF
February 17, 2015

M3AAWG Sender Best Common Practices, Version 3.0

This document gives an overview of the current best common practices for sending commercial electronic messaging, focusing on the technical and practical policy aspects of these operations. The goal of these practices is to promote and enhance the transparency of senders maintaining legitimate messaging so that both individual recipients and mailbox providers are more easily able to distinguish legitimate messaging from messaging abuse.

PDF
December 01, 2014

TLS for Mail: M3AAWG Initial Recommendations

M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.

PDF
August 23, 2012

M3AAWG Network Address Translation Best Practices: The Implications of Large Scale NAT for Security Logging

Provides guidance for system operators, network designers, security professionals and Internet Service Providers about potential issues associated with Large Scale Network Address Translation systems. 

Pages