Home Best Practices

These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

PDF
March 31, 2017

M3AAWG Describes Costs Associated with Using Crypto

This document describes the budget and other costs associated with using cryptography to help make informed decisions when deploying encryption.

PDF
March 31, 2017

M3AAWG Password Managers Usage Recommendations

Most users struggle to manage a large number of usernames and passwords.  While password managers have both proponents and detractors, these recommendations reflect the general consensus of the industry.

PDF
March 15, 2017

M3AAWG Initial Recommendations: Arming Businesses Against DDoS Attacks

Distributed Denial of Service attacks continue to be a major concern. This guide helps businesses prepare for DDoS attacks and, as a side benefit, some of these same techniques can also help businesses that suddenly see a large increase in legitimate customer web traffic.

PDF
February 28, 2017

M3AAWG Password Recommendations for Account Providers

Passwords are used virtually everywhere.  This document provides password requirement recommendations for ISPs and other providers and briefly describes the risk model of using passwords to provide authorized or secure access to resources. It aims to improve end-user security by encouraging strong passwords.

PDF
February 20, 2017

M3AAWG Multifactor Authentication Recommendations

While passwords are the default solution for securing users' accounts today, they have many shortcomings and most can be easily cracked.  M3AAWG believes the time has come for providers to require multifactor authentication, instead of simple passwords, to enhance protection of services with a history or substantial risk of account compromise. 

Pages