Home Best Practices

These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.

PDF
February 20, 2017

M3AAWG Multifactor Authentication Recommendations

While passwords are the default solution for securing users' accounts today, they have many shortcomings and most can be easily cracked.  M3AAWG believes the time has come for providers to require multifactor authentication, instead of simple passwords, to enhance protection of services with a history or substantial risk of account compromise. 

PDF
August 12, 2016

M3AAWG Best Current Practices For Building and Operating a Spamtrap, Ver. 1.2.0

Updated in August 2016 as Version 1.2.0, this document is for spamtrap operators who generally use data generated from spamtraps for purposes such as research, evidence collection, infected machine mitigation or mail list leakage and list quality control.

PDF
July 14, 2016

Using Generic Top Level Domain Registration Information (WHOIS Data) in Anti-Abuse Operations

WHOIS information plays a key role in determining where to report instances of abuse involving domain names. This paper explains some of the important WHOIS elements used to fight spam, phishing, malware distribution and other threats.

PDF
June 15, 2016

M3AAWG Introduction to Traffic Analysis

M3AAWG outlines the key characteristics of traffic analysis attacks, discusses potential ways to avoid them, and considers the advantages and disadvantages of deploying preventative measures.

PDF
February 07, 2016

M3AAWG Best Practices for Unicode Abuse Prevention

With the advent of International Domain Names, Internationalized Top-Level Domains and Email Address Internationalization there will be an increase in the legitimate usage of Unicode characters and an increase in the potential for its abuse as well. This document provides best practices to curtail the potential Unicode abuse.

Pages