All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
Phishing continues to be a significant problem for hosting companies, mailbox providers, brand owners and, of course, for every internet user. This document iinforms all of these groups on the best current practices for reporting phishing URLs.
This document focuses on defining malicious domain names and provides a non-exhaustive list of possible actions that can be taken to address them.
M3AAWG Recommendations: Methods for Sharing Dynamic IP Address Space Information with Others-Updated May 2018 (2008)
Although M3AAWG recommends blocking outbound port 25 traffic as the best option for controlling the flow of unwanted email traffic from an ISP’s customer space, such blocks may not always be possible, either for the short or long term. This document offers some alternatives for these ISPs by describing methods they can use to share their dynamic space information with others and allow remote sites to reject inbound mail traffic from dynamic address space.
Updated in March 2018, this document addresses problems associated with compromised user accounts. It discusses mitigation techniques and methods of identifying compromised accounts, including recommendations to ensure the long-term security of accounts to prevent “re-compromise.”
Nearly all email systems, including those of Email Sender Providers and network operators, at some point have delivery issues because their sending IPs or domains are on a blocklist. This document shares established procedures defining how to triage and respond to a blocklisting to assist in a timely and effective resolution. Version 1.0.1 was updated in February 2018.