All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
1
These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
PDF
January 31, 2018
M3AAWG Recommendations for Preserving Investments in New Generic Top-Level Domains (gTLDs)
Over a thousand new generic Top-Level Domains (gTLDs) have been, or are in, the process of being created under ICANN’s new gTLD program. This paper is written for current Registry operators and for companies interested in applying for new gTLDs, and outlines the risks and some relatively simple recommendations that can help correct these problems.
PDF
December 30, 2017
M3AAWG Recommendations for Senders Handling of Complaints
Email abuse rates can significantly affect a sender’s reputation and, consequently, its ability to deliver customers’ emails to the inbox. This paper explains some of the common processes senders can use to effectively manage and monitor email complaints and to help their customers, who are the list owners, develop healthy email practices that generate better results.
of email lists.
PDF
November 03, 2017
M3AAWG Recommendation on Web Form Signup Attacks
Many list web forms provoke an email confirmation to the subscriber's email address provided in the form but malicious entities are now using this feature to do bulk form submissions with forged addresses that flood the subscriber’s inbox. M3AAWG members collaborated across the industry to propose a header as an initial step that hosting and sending companies can implement to help protect against these attacks. The header allows receivers to identify floods of mail coming from sign-up forms that are bombarding victim mailboxes.
PDF
August 30, 2017
M3AAWG Best Practices for Managing SPF Records
This document covers best practices on how to properly construct and maintain an SPF record, common errors and some unintended consequences. It is targeted at those with a basic understanding of the purpose and usage of SPF.
PDF
July 31, 2017
M3AAWG Best Practices for Implementing DKIM To Avoid Key Length Vulnerability, Revised July 2017
Due to disclosed vulnerabilities associated with the use of short DKIM keys, organizations should review their DKIM email authentication implementation based on these best practices updated in July 2017. Also see a short video on this issue at the M3AAWG YouTube Channel (www.youtube.com/maawg).