
M3AAWG Announces 2013 Leadership for Fighting Malware and Mobile Abuse

San Francisco, March 20, 2013 – Emphasizing the need for more cooperative cybersecurity efforts across platforms, the Messaging, Malware and Mobile Anti-Abuse Working Group will continue with a diverse leadership structure for 2013.  Alex Bobotek of AT&T and Chris Roosenraad of Time Warner Cable will continue as M3AAWG Co-Chairmen with Michael O’Reirdan of Comcast continuing as a Board member and M3AAWG Chairman Emeritus.

Michael Adkins will remain as vice chairman with M3AAWG Executive Director Jerry Upton serving as the Board secretary. Anthony Purcell was also re-elected treasurer during the February 21 Board elections held at the M3AAWG 27th General Meeting in San Francisco. 

Last year M3AAWG expanded from its original mission of fighting spam to a broader charter that includes the urgent problems of confronting malware and fighting abuse on mobile platforms.  It works to protect end-users by sharing information across platforms, developing best practices and educating policy makers on relevant operational issues.

“Whether on a smartphone or a computer, malware can ravage users and cause extensive damage across networks.  The best way to safeguard end-users today is to cut through the operational silos that have developed in the industry and leverage our cybersecurity knowledge across platforms and among diverse areas of expertise,” Roosenraad said.

Both Bobotek and Roosenraad served as M3AAWG co-chairmen in 2012 and as co-vice chairmen for the two previous years, providing continuity as the organization evolves with the changing industry.  Bobotek, AT&T Lead of Messaging Anti-Abuse Architecture and Strategy, will also continue as a co-chair of the Technical Committee where he has helped develop programs to fight mobile abuse for several years.  Roosenraad, Time Warner Cable Director of Systems Engineering, previously was a co-chair of the Technical Committee and of the Program Committee.

M3AAWG Senior Technical Advisors Richard Clayton, Ph.D.; Dave Crocker; David Dagon, Ph.D.; John Levine, Ph.D.; April Lorenzen; and Joe St Sauver, Ph.D. were reappointed. The advisors are experts with in-depth knowledge in specific areas and assist the committees in their work.  The committees are responsible for developing best practices and other work to fight online abuse.

The committee chairs appointed by the Board for 2013 are:

  • Academic Committee, which was recently formed to bring the latest research to M3AAWG members, Co-Chairs Manos Antonakakis, Ph.D., of Damballa and Joe St Sauver
  • Awards Committee co-chaired by Purcell and Neil Schwartzman, CAUCE
  • Brand SIG Co-Chairs Mike Hammer, AG Interactive; and Franck Martin, LinkedIn
  • Collaboration Committee Co-Chairs Christine Borgia, Return Path; Angela Knox, Cloudmark; and Sara Roper, CenturyLink
  • M3AAWG meeting Open Round Tables session chair Jordan Rosenwald, Comcast
  • Program Committee Co-Chairs Dennis Dayman, Eloqua; Len Shneyder, Message Bus; and Jamie Tomasello, CloudFlare
  • Public Policy Committee Co-Chairs Frank Ackermann, eco–Association of the German Internet Industry; Chris Boyer, AT&T; and Rudy Brioche, Comcast
  • Senders SIG Co-Chairs Andrew Barrett of iContact and Tara Natanson of Constant Contact
  • Technical Committee Co-Chairs Alex Bobotek; Chris Barton, Cloudmark; Paul Ferguson, Internet Identity; and Matthew Steele, Symantec
  • Training Committee Co-Chairs Kurt Andersen, LinkedIn; and Sam Masiello, CAUCE

The committees also develop educational and information-sharing sessions on emerging issues for M3AAWG meetings held three times a year.  The organization’s annual European meeting will be held in Vienna, Austria, June 3-6, and will feature training courses and three multi-track days of speakers, confidential industry dialogue, public policy reports and working committee sessions.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; CloudFlare; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Bus; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster

Independent Georgia Tech Study Reveals Best Ways to Tell Customers “You’re Botted”

San Francisco, Feb. 20, 2013 – A bot believed to have netted $14 million in illicit profits has been turned into a golden learning opportunity, yielding important insights into how the online community can best alert and assist customers with infected systems.  Georgia Tech researchers on Tuesday announced the results of a study based on the industry’s response to the DNS Changer Trojan and shared recommendations to help curb future malware outbreaks at a presentation during the M3AAWG 27th General Meeting in San Francisco.

The DNS Changer Remediation Study identified phone calls, billing notices and redirecting users to customized Web pages among the most effective methods to notify customers that their systems were infected. Researchers Wei Meng and Ruian Duan, working under the supervision of Georgia Tech School of Computer Science Professor Wenke Lee, also found that “active” social media warnings were useful for enabling remediation. With this approach, sites such as Google directly informed users they were infected through their browser windows, a tactic that proved to be more effective in motivating users to disinfect their systems than passive warnings issued in general posts or news articles on social media platforms.

“Social media can have an important role to play in alerting users to infections in their systems and in stemming malware outbreaks.  We believe in the importance of implementing active, direct notifications earlier in the process,” Lee said.

The researchers looked at both the various types of end-user alerts and network operators’ efforts to help customers disinfect their systems, including using walled gardens, DNS redirection, anti-virus software and malware removal tools. Part of the challenge facing the industry from bots is determining how to notify users their systems have been compromised in a timely and credible manner, then assisting non-technical customers in remediating those machines, according to M3AAWG Co-Chairman Michael O’Reirdan.

O’Reirdan said, “The industry’s response to the DNS Changer malware clearly showed how well competitors and vendors can work together when users’ safety is on the line. It also was an extraordinary opportunity to objectively study the different approaches companies have developed to assist customers and to understand the important role each of us plays in safeguarding the online experience. The active involvement of anti-malware and security tool vendors, social media platforms, law enforcement, operating system vendors and home networking technology vendors has been shown to be crucial. In the end, it takes the entire Internet ecosystem working together to protect end-users.”

The data used in the study to determine infection and cleanup rates was provided anonymously from major ISPs around the world through the DNS Changer Working Group (DCWG) to the research team at the Georgia Tech Information Security Center (GTISC).  To identify the different types of notification and mediation techniques used, the researchers sent questionnaires asking network operators how they had alerted customers who were infected with the DNS Changer malware and the specifics around the remediation efforts employed by each ISP to assist customers in cleaning their machines.  An ISP that did not take any action in response to the malware became the baseline for measuring the effectiveness of the other approaches, according to Lee.

From 2007 to 2011, the DNS Changer Trojan hijacked Internet searches and re-routed the Web browsers of infected computers to fraudulent sites using the rogue DNS servers operated by the Rove Digital advertising network.  However, if the rogue DNS servers had been turned off when the allegedly responsible Estonians were arrested, infected end-users would not have been able to reach the Web.  The DCWG was a group formed to assist law enforcement in dealing with the potential end-user issues arising from the law enforcement action.  The DCWG also helped operate and monitor the “clean” DNS servers that were operated legally by the Internet Systems Consortium (ISC) under a U.S. court order from November 2011 to July 2012.  As a result, instead of suddenly losing access to the Internet, millions of users were notified they were infected and needed to clean up their machines.

The complete DNS Changer Remediation Study is available on the M3AAWG website at /sites/maawg/files/news/GeorgiaTech_DNSChanger_Study-2013-02-19.pdf.  


#  #  #

Media Contact: pr@m3aawg.org

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster.

M3AAWG Releases Comprehensive DMARC Training Videos to Fight Email Spoofing

San Francisco, Feb. 4, 2013 – As the DMARC authentication specification gains broader adoption, M3AAWG has released a free series of videos to help the industry implement and understand the value of the anti-phishing technology.  The M3AAWG DMARC Training Series provides almost two and a half hours of instruction from DMARC.org technical experts, including information for both domain owners who want to protect their brands from “spoofing” and for ISPs or mailbox providers who want to protect end-users from fraudulent messages.

The M3AAWG DMARC Training Series includes six 15 to 40 minute segments originally presented as a training session by Michael Adkins, M3AAWG Co-Vice Chairman and DMARC.org member, and Paul Midgen, DMARC.org co-chair, during a M3AAWG meeting in October 2012.  The series provides general background on the DMARC (Domain-based Message Authentication, Reporting and Conformance) specification and its purpose, instruction on how to deploy the technology, and details on its reporting processes. 

The series also includes a breakout session addressing topics related specifically to domain owners and third parties who send email for other companies, and another breakout session focusing on ISP and mailbox provider issues. The videos emphasize practical considerations with Adkins and Midgen providing numerous examples.  The complete M3AAWG DMARC Training Series is available on the M3AAWG site under the Activities tab from the Training Videos page (/activities/maawg-training-series-videos).

“M3AAWG was instrumental in incubating the development of DMARC at its meetings and, now that the technology is in the adoption stage, continues to support the technology with the release of a comprehensive video training series. DMARC was developed to help brands and mailbox providers work together in identifying fraudulent messages. These videos are unique because they feature technical experts who helped develop DMARC explaining how to implement the technology for the best results,” said Trent Adams, Chair of DMARC.org.

AOL, Gmail, Hotmail, Yahoo! and other email receivers are using DMARC to protect end-users and brands. The technology incorporates the widely used SPF and DKIM specifications but also includes feedback, monitoring and debugging processes, according to Adams.

M3AAWG Co-Chairman Chris Roosenraad said,  “Glancing at a message’s content, it’s often impossible for users to figure out that an email which seems to be from their bank or a favorite store is actually a scam, an attempt by a criminal to defraud the user.  Spoofing, or impersonating a known brand in an email to trick users out of personal information or for other criminal aims, is a growing problem. We produced the video series because cooperative industry efforts like DMARC are essential to fighting this type of abuse and protecting users.”


#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster.

M3AAWG San Francisco Meeting Addresses Latest Messaging Security Ranging from Mobile Malware to DDoS Attacks

San Francisco, Jan. 30, 2013 – With the variety of devices in use today and the pervasive connectivity available to users, malware could easily get the upper hand on many networks without corrective measures.  The Feb. 19-21 M3AAWG 27th General Meeting in San Francisco will focus on helping the industry develop the necessary strategies to protect end-users from the latest messaging abuses, whatever the abuse vector or device that is targeted. 

The Messaging, Malware and Mobile Anti-Abuse Working Group meeting will offer six sessions focusing specifically on emerging mobile malware and security issues along with presentations on computer bot research, international cybersecurity efforts, social media issues and other topics.  There will also be three tracks of security-related training on Feb. 18.

Recognizing the need for cross-industry cooperation within the messaging industry, M3AAWG works to foster an environment where experts from all areas of cybersecurity can share their experience and learn from each other. Sessions at the meeting will explore the challenge of protecting online advertising, present a DNS Changer Working Group study, offer practical spam trap tips, and provide an open dialogue between email service providers that send third party messages and ISPs, along with other topics. Among the mobile sessions, noted industry experts will discuss current Android viruses, abuse of mobile payment systems, and the evolution of mobile malware. 

“The malware on an end-user’s system might have been delivered through email, an SMS with a link to a drive-by website, a tainted mobile app or another vector.  But however it got there, it can be dangerous and costly to the user, and it can have devastating and far-reaching effects on other networks and users.  To effectively tackle malware, we need to share information, both across areas of expertise and across international borders,” said Alex Bobotek, M3AAWG Co-Chairman.

AllThingsD.com Co-Executive Editor Kara Swisher will keynote the meeting, sharing her perspective on how the Internet has changed since she began covering technology for both The Washington Post and The Wall Street Journal and where she sees the industry going in the near future.  The Electronic Frontier Foundation’s International Freedom of Expression Coordinator Eva Galperin will also offer a keynote presentation on the status of Syrian malware.

Emphasizing the international aspect of fighting abuse, Dr. Victoria Baines, strategic advisor on cybercrime at the European Police Office (EUROPOL) in The Hague, will elaborate on Project 2020, a range of activities to enhance online security including common threat reporting, strategic foresight exercises, policy guidance and capacity building. In another session, a panel will discuss the state of spam and industry outreach efforts to share best practices in the BRIC countries (Brazil, Russia, India and China).

The Monday training sessions (/activities/training) will cover machine learning, analysis of anti-abuse data, encryption, and an end-to-end process for sharing data within the security community.  Speakers at the meeting will also address methods to defend against DDoS attacks, the social media spam marketplace, URL redirection and issues of online bullying, along with working sessions to develop best practices.

The San Francisco meeting is the only Silicon Valley event M3AAWG will host this year.  Its European meeting will be in Vienna, Austria in June and its October East Coast meeting in Montreal, Canada.


#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; Message Bus; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster.

M3AAWG Issues New DKIM Best Practices In Wake of Disclosed Key Length Vulnerability

San Francisco, Nov. 6, 2012 [Updated: Dec. 11, 2013] – With the recently revealed ability to spoof email from companies that are using an outdated, weak encryption key to authenticate their email, the Messaging, Malware and Mobile Anti-Abuse Working Group is urging companies to adjust their DKIM processes immediately to improve end-user safeguards and today issued new best practices that specifically address the vulnerability.  M3AAWG is calling on business enterprises to replace previously secure 512- and 768-bit verification keys with 1024-bit and higher encryption, among other recommendations to better validate the authenticity of who is sending an email.

“We’ve developed a short, succinct paper that explains the relatively simple and immediate steps large-scale senders can take to safeguard their brands in response to recent concerns about some levels of key encryption and usage. Technology is advancing, and to keep pace with hackers, the industry needs to revisit its practices in light of their expanding capabilities. We want to get the word out on the quick changes companies can make to protect consumers and their brands against this issue,” Chris Roosenraad, M3AAWG Co-Chairman said.  

“M3AAWG Best Practices for Implementing DKIM To Avoid Key Length Vulnerability,” details the technical steps that address the current vulnerabilities and is available in the Published Documents section of the organization’s website at www.maawg.org/published-documents. The recommendations include:

  • Updating to a minimum 1024-bit key length.  Shorter keys can be cracked in 72 hours using inexpensive cloud services
  • Rotating keys at least twice per year [1]
  • Setting signatures to expire after the current key rotation period and revoking old keys in the DNS
  • Using the key test mode only for a short time period and revoking the test key after the ramp-up
  • Implementing DMARC in monitoring mode and using DNS to monitor how frequently keys are queried. DMARC (Domain-based Message Authentication, Reporting and Conformance) is another standard often used in conjunction with DKIM  
  • Using DKIM rather than Domain Keys, which is a deprecated protocol
  • Working with any third parties hired to send a company’s email to ensure they are adhering to these best practices
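
An added example, not taken from the M3AAWG paper: a sketch of auditing a DKIM key record and a DKIM-Signature header against three of the recommendations above (minimum 1024-bit key, no lingering test mode, signatures that expire). The function names and sample records are constructed for illustration, and the sample moduli are placeholders of the right size, not real keys.

```python
import base64

MIN_RSA_BITS = 1024  # minimum key length in the recommendations above


def _der(tag, body):
    """Encode one DER TLV (used only to build the constructed sample keys)."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body


def _der_int(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, (b"\x00" + raw) if raw[0] & 0x80 else raw)


# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")


def make_record(bits, flags=""):
    """Constructed sample: a DKIM key record whose modulus has `bits` bits.
    The modulus is a placeholder of the right size, not a usable RSA key."""
    modulus = (1 << (bits - 1)) | 1
    rsa_key = _der(0x30, _der_int(modulus) + _der_int(65537))
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_key))
    t = f" t={flags};" if flags else ""
    return f"v=DKIM1; k=rsa;{t} p={base64.b64encode(spki).decode()}"


def _read_tlv(buf, pos, expected_tag):
    """Read one DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected DER structure")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    spki, _ = _read_tlv(spki_der, 0, 0x30)
    _, pos = _read_tlv(spki, 0, 0x30)            # AlgorithmIdentifier
    bit_string, _ = _read_tlv(spki, pos, 0x03)
    rsa_key, _ = _read_tlv(bit_string, 1, 0x30)  # skip unused-bits octet
    modulus, _ = _read_tlv(rsa_key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()


def parse_tags(text):
    """Split a DKIM tag=value list; whitespace inside values is dropped."""
    tags = {}
    for part in text.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags


def audit_key_record(txt):
    """Findings for the TXT record at <selector>._domainkey.<domain>."""
    tags = parse_tags(txt)
    if not tags.get("p"):
        return ["revoked"]  # an empty p= marks a revoked key
    findings = []
    if tags.get("k", "rsa") == "rsa":
        bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
        if bits < MIN_RSA_BITS:
            findings.append(f"weak-key:{bits}")
    if "y" in tags.get("t", "").split(":"):
        findings.append("test-mode")  # t=y should not outlive the ramp-up
    return findings


def audit_signature(header_value, now):
    """Check the x= (expiration, Unix seconds) tag of a DKIM-Signature."""
    tags = parse_tags(header_value)
    if "x" not in tags:
        return ["no-expiration"]
    return ["expired"] if int(tags["x"]) <= now else []


if __name__ == "__main__":
    for bits, flags in ((512, "y"), (768, ""), (1024, "")):
        print(bits, audit_key_record(make_record(bits, flags)))
    print(audit_signature("v=1; a=rsa-sha256; d=example.com; s=sel1", 1352200000))
```
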

DKIM is a widely accepted standard used by businesses, governmental agencies, large email provider services and other entities that allows an organization to claim responsibility for sending a message in a way that can be validated by a recipient.  For example, email services, such as AOL, Gmail and Yahoo, and commercial brands implement the standard as part of their messaging protocol. It includes an encrypted key in the message headers that ISPs and other receivers use to verify the message actually was sent by the referenced company. 

Implementing DKIM makes it more difficult for criminals to forge illegitimate emails that are made to look like they came from a recognized company, a ruse that is often used to steal personal identity information from unsuspecting users.  In late October, Wired journalist Kim Zetter reported that many companies were using weak encryption keys and other questionable practices as part of their DKIM implementation that could expose their email to this potential spoofing by cybercriminals.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

#  #  #

[1] NOTE: When the Best Practices document was published in 2012, it recommended that DKIM keys be rotated quarterly.  Subsequent research, resulting in a more detailed M3AAWG Best Common Practices document on the topic of key rotation, updated this recommendation to rotate keys at least twice per year.  For more information on best practices for DKIM key rotation, see: /sites/maawg/files/news/M3AAWG_DKIM_Key_Rotation_BP-2013-12.pdf 

Media Contact: Linda Marcus, APR, +1-714-974-6356, LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); La Caixa; Message Bus; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; Symantec; Trend Micro, Inc.; and Twitter.

A complete member list is available at /about/roster.

New Online and Mobile Best Practices Clarify Business and Governmental Security Tactics

Baltimore, Oct. 24, 2012 – A cooperative international report available today outlines Internet and mobile best practices aimed at curtailing malware, phishing, spyware, bots and other Internet threats, and provides a thorough review of current and emerging threats.  “Best Practices to Address Online and Mobile Threats” is a comprehensive assessment of Internet security as it stands today and explains in non-technical language the proactive steps that can help mitigate risks, according to the report’s two major contributors, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the London Action Plan (LAP).

The report is also one of the first global efforts to encourage governments to deploy best practices, which are more often associated with businesses.  It focuses on four major areas of concern: malware and botnets, social engineering and phishing, IP and DNS exploits, and mobile threats.  To encourage government participation, it has been presented to the 34-member country OECD (Organisation for Economic Cooperation and Development) for review.

“Best Practices to Address Online and Mobile Threats” draws on the tactics that have proven effective over the past decade to reduce online risks, then augments these with forward-thinking recommendations for emerging vulnerabilities, such as mobile text spam and Web abuse.  The comprehensive report is available on the websites of several organizations including at /sites/maawg/files/news/M3AAWG_LAP_Best_Practices_to_Address_Online_and_Mobile_Threats.pdf, http://www.londonactionplan.com/files/reports/Best_Practices_to_Address_Online_and_Mobile_Threats_(Oct_2012).pdf and http://www.cauce.org/2012/10/best-practices-report.html

“As a globally cooperative effort, the report brought together an unprecedented team of experts who outlined safe computing tactics in uncomplicated, accessible language for end-users, large and small businesses, and governments.  This is also one of the first efforts to update industry recommendations recognizing that public agencies are important online enterprises, and just as companies need to implement best practices, so do governments,” Alex Bobotek, M3AAWG co-chairman said. 

The international community collaboratively stepped up to generate the report in a public-private partnership led by Andre Leduc, manager, national anti-spam coordinating body at the Department of Industry Canada.  Industry experts from M3AAWG, LAP and other organizations, such as CAUCE (Coalition Against Unsolicited Commercial Email), contributed to it.

Online threats are evolving as Internet and mobile technologies play a more vital role in many business models, attracting cybercriminals who target users on popular platforms such as laptops, tablets, smartphones and other handheld devices.  As the Internet economy grows, implementing the best practices detailed in the report will help reduce illegal activities such as spam, phishing, malware and spyware distribution, botnet deployment, the redirection of Internet traffic to malicious websites and denial of service attacks.


About the London Action Plan (LAP)

The LAP is a 45-member organization of law enforcement agencies and industry participants focused on fighting spam and other online threats. The LAP conducts regular teleconferences and an annual meeting.  Its most recent meeting, held in London, England, in October 2012 included participants from Europe, Asia, North America and Europe.

Media Contact: Linda Marcus, APR, +1-714-974-6356, LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); La Caixa; Message Bus; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; Symantec; Trend Micro, Inc.; and Twitter.

A complete member list is available at /about/roster.

M3AAWG Conduct Policy

Conduct Policy Updated and Approved by the M3AAWG Board of Directors June 6, 2024. Original policy Approved by the M3AAWG Board of Directors 1-11-2019

1. Overall Policy

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is dedicated to making our meetings and business open to all members and guests and to making it a safe place for all. We do not tolerate harassment of any kind. We insist that all participants, attendees and meeting staff always adhere to a civil demeanor. This includes refraining from inappropriate language, comments and behavior, in person or by electronic communications and/or public or semi-public social media.  In accordance with applicable law, M3AAWG prohibits sexual harassment and harassment because of race, color, gender, age, religion, disability, sexual orientation or any other basis protected by federal, state or local law.

Participants, attendees and staff who are being harassed, intimidated, or are dealing with otherwise improper behavior are encouraged to report it immediately to the M3AAWG Executive Director or other designated Board of Directors officer without fear of repercussion. It is the collective responsibility of everyone to speak up if you witness improper behavior and to report it immediately. You are empowered to politely engage when you or others are treated less than respectfully and professionally by colleagues.

2. How to get help addressing a violation

   a. Scenario: You feel unsafe

Venue:
  • M3AAWG night out
  • Meeting hotel(s)
  • Meeting space
  • M3AAWG related social events

Examples (but not limited to):
  • Touching or physical contact of any kind that is unwanted
  • Physical or verbal threats of any kind

Action:
  1. Contact local Law Enforcement: In the U.S. dial 911. Outside the U.S. see /health-and-safety
  2. Once you are safe, contact the M3AAWG Executive Director or designated Board Officer to report a Conduct Policy Violation
  3. During the night out, go to the designated Staff table for immediate assistance

   b. Scenario: You experience or see a Conduct Policy violation that does not require immediate local Law Enforcement assistance

Venue:
  • M3AAWG night out
  • Meeting hotel(s)
  • Meeting space
  • M3AAWG related social events
  • M3AAWG calls
  • Electronic communications or social media

Examples (but not limited to):
  • Sexual harassment or harassment because of race, color, gender, age, religion, disability, sexual orientation
  • Inappropriate language, offensive, insulting or derogatory slurs, comments, remarks or behavior
  • Verbally aggressive, abusive or profane comments
  • Displaying or the electronic transmission of derogatory, lewd, offensive and unwelcomed materials or information

Action:
  1. Contact the M3AAWG Executive Director or designated Board Officer to report a Conduct Policy Violation
  2. During the night out, go to the designated Staff table for immediate assistance

3. How to Report a M3AAWG Code of Conduct Policy Violation

   a. Timing: Violation occurs during a M3AAWG meeting

Contact:
  • Names and contact information are provided on the back of the meeting badges and at the registration desk for each meeting.
  • Call or text Executive Director or designated Board Officer (24x7)
  • Email Executive Director

Information to include:
  • Name and Company of the violator, if known
  • Date, time and location of the violation
  • What was the violation
  • Other people involved in the incident
  • Any witnesses who would be willing to give a report, if needed

Expectations:
  • Any violations should be reported as soon as possible
  • The Executive Director or Board Officer will speak with you privately or together as appropriate
  • Refrain from discussing the incident with other members while it is under review
  • Violations will be addressed promptly and will include a post incident communication

   b. Timing: Violation occurs outside one of the three in-person M3AAWG meetings

Contact:
  • Call or text the Executive Director or Designated Board Officer during normal business week / hours (M-F, 9:00 am - 5:00 pm CST)

Information to include:
  • Name and Company of the violator, if known
  • Date, time and location of the violation
  • What was the violation
  • Other people involved in the incident
  • Any witnesses who would be willing to give a report, if needed

Expectations:
  • Any violations should be reported as soon as possible
  • The Executive Director or designated Board Officer will speak with you privately or together as appropriate
  • Refrain from discussing the incident with other members while it is under review
  • Violations will be addressed promptly and will include a post incident communication

4. Enforcement

Anyone who is found to be in violation of this policy may be subject to any one or more of the following remedial actions, depending on the offense:

  • Warning
  • Immediate Removal
  • Meeting Suspension
  • Expulsion
  • Contacting of employer and/or legal authorities

Actions stronger than a warning or immediate removal will be taken at the discretion of the M3AAWG Board of Directors.

M3AAWG reserves the right to remove any participant or attendee at any time for any reason.

5. Social Events

The Conduct Policy also extends outside of the meeting rooms to include all areas of the meeting hotel and social gatherings sponsored by M3AAWG or M3AAWG member organizations.

Member organizations are expected to make sure all their employees and third-party event personnel who attend a social event are aware of and understand our Conduct Policy. All social events should have a designated safe area or designated safe people for addressing violations.  All violations reported at Social Events must be reported to M3AAWG.
