All the M3AAWG email reports and bot metrics reports are available from the M3AAWG Reports page in this section.
All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
1
These best practices and white papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
PDF
March 13, 2015
M3AAWG Best Common Practices for the Use of a Walled Garden, Version 2.0
These updated best practices outline the criteria for exit, entry, remediation and subscriber education when using a walled garden to remediate virus and bot infections in subscriber devices.
PDF
February 17, 2015
M3AAWG Sender Best Common Practices, Version 3.0
This document gives an overview of the current best common practices for sending commercial electronic messaging, focusing on the technical and practical policy aspects of these operations. The goal of these practices is to promote and enhance the transparency of senders maintaining legitimate messaging so that both individual recipients and mailbox providers are more easily able to distinguish legitimate messaging from messaging abuse.
PDF
December 01, 2014
TLS for Mail: M3AAWG Initial Recommendations
M3AAWG recommends three basic measures, including turning on opportunistic TLS, that messaging providers can implement relatively quickly to enhance the security and privacy of their users’ mail.
PDF
August 23, 2012
M3AAWG Network Address Translation Best Practices: The Implications of Large Scale NAT for Security Logging
Provides guidance for system operators, network designers, security professionals and Internet Service Providers about potential issues associated with Large Scale Network Address Translation systems.
PDF
November 15, 2011
MAAWG Vetting Best Common Practices (BCP)
ESPs take on significant risk every time a new customer sends email. A bad client can undermine the sending reputation for the ESP’s other clients as well as inflict abuse at recipient domains. This paper reviews some vetting practices to avoid these problems.