Mobile

M3AAWG Announces 2013 Leadership for Fighting Malware and Mobile Abuse

San Francisco, March 20, 2013 Emphasizing the need for more cooperative cybersecurity efforts across platforms, the Messaging, Malware and Mobile Anti-Abuse Working Group will continue with a diverse leadership structure for 2013.  Alex Bobotek of AT&T and Chris Roosenraad of Time Warner Cable will continue as M3AAWG Co-Chairmen with Michael O’Reirdan of Comcast continuing as a Board member and M3AAWG Chairman Emeritus.

Michael Adkins will remain as vice chairman with M3AAWG Executive Director Jerry Upton serving as the Board secretary. Anthony Purcell was also re-elected treasurer during the February 21 Board elections held at the M3AAWG 27th General Meeting in San Francisco. 

Last year M3AAWG expanded from its original mission of fighting spam to a broader charter that includes the urgent problems of confronting malware and fighting abuse on mobile platforms.  It works to protect end-users by sharing information across platforms, developing best practices and educating policy makers on relevant operational issues.

“Whether on a smartphone or a computer, malware can ravage users and cause extensive damage across networks.  The best way to safeguard end-users today is to cut through the operational silos that have developed in the industry and leverage our cybersecurity knowledge across platforms and among diverse areas of expertise, ” Roosenraad said.

Both Bobotek and Roosenraad served as M3AAWG co-chairmen in 2012 and as co-vice chairmen for the two previous years, providing continuity as the organization evolves with the changing industry.  Bobotek, AT&T Lead of Messaging Anti-Abuse Architecture and Strategy, will also continue as a co-chair of the Technical Committee where he has helped develop programs to fight mobile abuse for several years.  Roosenraad, Time Warner Cable Director of Systems Engineering, previously was a co-chair of the Technical Committee and of the Program Committee.

M3AAWG Senior Technical Advisors Richard Clayton, Ph.D.; Dave Crocker; David Dagon, Ph.D.; John Levine, Ph.D.; April Lorenzen; and Joe St Sauver, Ph.D. were reappointed. The advisors are experts with in depth knowledge in specific areas and assist the committees in their work.  The committees are responsible for developing best practices and other work to fight online abuse. 

The committee chairs appointed by the Board for 2013 are:

  • Academic Committee, which was recently formed to bring the latest research to M3AAWG members, Co-Chairs Manos Antonakakis, Ph.D., of Damballa and Joe St Sauver
  • Awards Committee co-chaired by Purcell and Neil Schwartzman, CAUCE
  • Brand SIG Co-Chairs Mike Hammer, AG Interactive; and Franck Martin, LinkedIn
  • Collaboration Committee Co-Chairs Christine Borgia, Return Path; Angela Knox, Cloudmark; and Sara Roper, CenturyLink
  • M3AAWG meeting Open Round Tables session chair Jordan Rosenwald, Comcast
  • Program Committee Co-Chairs Dennis Dayman, Eloqua; Len Shneyder, Message Bus; and Jamie Tomasello, CloudFlare
  • Public Policy Committee Co-Chairs Frank Ackermann, eco–Association of the German Internet Industry; Chris Boyer, AT&T; and Rudy Brioche, Comcast
  • Senders SIG Co-Chairs Andrew Barrett of iContact and Tara Natanson of Constant Contact
  • Technical Committee Co-Chairs Alex Bobotek; Chris Barton, Cloudmark; Paul Ferguson, Internet Identity; and Matthew Steele, Symantec
  • Training Committee Co-Chairs Kurt Andersen, LinkedIn; and Sam Masiello, CAUCE

The committees also develop educational and information-sharing sessions on emerging issues for M3AAWG meetings held three times a year.  The organization’s annual European meeting will be held in Vienna, Austria, June 3-6, and will feature training courses and three multi-track days of speakers, confidential industry dialogue, public policy reports and working committee sessions.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; CloudFare; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Bus; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster

M3AAWG San Francisco Meeting Addresses Latest Messaging Security Ranging from Mobile Malware to DDoS Attacks

San Francisco, Jan. 30, 2013 – With the variety of devices in use today and the pervasive connectivity available to users, malware could easily get the upper hand on many networks without corrective measures.  The Feb. 19-21 M3AAWG 27th General Meeting in San Francisco will focus on helping the industry develop the necessary strategies to protect end-users from the latest messaging abuses, whatever the abuse vector or device that is targeted. 

The Messaging, Malware and Mobile Anti-Abuse Working Group meeting will offer six sessions focusing specifically on emerging mobile malware and security issues along with presentations on computer bot research, international cybersecurity efforts, social media issues and other topics.  There will also be three tracks of security-related training on Feb. 18.

Recognizing the need for cross-industry cooperation within the messaging industry, M3AAWG works to foster an environment where experts from all areas of cybersecurity can share their experience and learn from each other. Sessions at the meeting will explore the challenge of protecting online advertising, present a DNS Changer Working Group study, offer practical spam trap tips, and provide an open dialogue between email service providers that send third party messages and ISPs, along with other topics. Among the mobile sessions, noted industry experts will discuss current Android viruses, abuse of mobile payment systems, and the evolution of mobile malware. 

“The malware on an end-user’s system might have been delivered through email, an SMS with a link to a drive-by website, a tainted mobile app or another vector.  But however it got there, it can be dangerous and costly to the user, and it can have devastating and far-reaching effects on other networks and users.  To effectively tackle malware, we need to share information, both across areas of expertise and across international borders,” said Alex Bobotek, M3AAWG Co-Chairman.

AllThingsD.com Co-Executive Editor Kara Swisher will keynote the meeting, sharing her perspective on how the Internet has changed since she began covering technology for both The Washington Post and The Wall Street Journal and where she sees the industry going in the near future.  The Electronic Frontier Foundation’s International Freedom of Expression Coordinator Eva Galprin will also offer a keynote presentation on the status of Syrian malware.

Emphasizing the international aspect of fighting abuse, Dr. Victoria Baines, strategic advisor on cybercrime at the European Police Office (EUROPOL) in The Hague, will elaborate on Project 2020, a range of activities to enhance online security including common threat reporting, strategic foresight exercises, policy guidance and capacity building. In another session, a panel will discuss the state of spam and industry outreach efforts to share best practices in the BRIC countries (Brazil, Russia, India and China).

The Monday training sessions (/activities/training) will cover machine learning, analysis of anti-abuse data, encryption, and an end-to-end process for sharing data within the security community.  Speakers at the meeting will also address methods to defend against DDoS attacks, the social media spam marketplace, URL redirection and issues of online bullying, along with working sessions to develop best practices.

The San Francisco meeting is the only Silicon Valley event M3AAWG will host this year.  Its European meeting will be in Vienna, Austria in June and its October East Coast meeting in Montreal, Canada.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; Message Bus; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster.

New Online and Mobile Best Practices Clarify Business and Governmental Security Tactics

Baltimore, Oct. 24, 2012 – A cooperative international report available today outlines Internet and mobile best practices aimed at curtailing malware, phishing, spyware, bots and other Internet threats, and provides a thorough review of current and emerging threats.  “Best Practices to Address Online and Mobile Threats” is a comprehensive assessment of Internet security as it stands today and explains in non-technical language the proactive steps that can help mitigate risks, according to the report’s two major contributors, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the London Action Plan (LAP).

The report is also one of the first global efforts to encourage governments to deploy best practices, which are more often associated with businesses.  It focuses on four major areas of concern: malware and botnets, social engineering and phishing, IP and DNS exploits, and mobile threats.  To encourage government participation, it has been presented to the 34-member country OECD (Organisation for Economic Cooperation and Development) for review.

Best Practices to Address Online and Mobile Threats” draws on the tactics that have proven effective over the past decade to reduce online risks, then augments these with forward-thinking recommendations for emerging vulnerabilities, such as mobile text spam and Web abuse.  The comprehensive report is available on the websites of several organizations including at /sites/maawg/files/news/M3AAWG_LAP_Best_Practices_to_Address_Online_and_Mobile_Threats.pdf, http://www.londonactionplan.com/files/reports/Best_Practices_to_Address_Online_and_Mobile_Threats_(Oct_2012).pdf and http://www.cauce.org/2012/10/best-practices-report.html

“As a globally cooperative effort, the report brought together an unprecedented team of experts who outlined safe computing tactics in uncomplicated, accessible language for end-users, large and small businesses, and governments.  This is also one of the first efforts to update industry recommendations recognizing that public agencies are important online enterprises, and just as companies need to implement best practices, so do governments,” Alex Bobotek, M3AAWG co-chairman said. 

The international community collaboratively stepped up to generate the report in a public-private partnership led by Andre Leduc, manager, national anti-spam coordinating body at the Department of Industry Canada.  Industry experts from M3AAWG, LAP and other organizations, such as CAUCE (Coalition Against Unsolicited Commercial Email), contributed to it.

Online threats are evolving as Internet and mobile technologies play a more vital role in many business models, attracting cybercriminals who target users on popular platforms such as laptops, tablets, smartphones and other handheld devices.  As the Internet economy grows, implementing the best practices detailed in the report will help reduce illegal activities such as spam, phishing, malware and spyware distribution, botnet deployment, the redirection of Internet traffic to malicious websites and denial of service attacks.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

About the London Action Plan (LAP)

The LAP is a 45-member organization of law enforcement agencies and industry participants focused on fighting spam and other online threats. The LAP conducts regular teleconferences and an annual meeting.  Its most recent meeting, held in London, England, in October 2012 included participants from Europe, Asia, North America and Europe.

Media Contact: Linda Marcus, APR, +1-714-974-6356, LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); La Caixa; Message Bus; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); McAfee Inc.; Message Systems; Mimecast; Nominum, Inc., Proofpoint; Scality; Spamhaus; Sprint; Symantec; Trend Micro, Inc.; and Twitter.

A complete member list is available at /about/roster.

M3AAWG Conduct Policy

Conduct Policy Updated and Approved by the M3AAWG Board of Directors June 6, 2024. Original policy Approved by the M3AAWG Board of Directors 1-11-2019

1. Overall Policy

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is dedicated to making our meetings and business open to all members and guests and to making it a safe place for all. We do not tolerate harassment of any kind. We insist that all participants, attendees and meeting staff always adhere to a civil demeanor. This includes refraining from inappropriate language, comments and behavior, in person or by electronic communications and/or public or semi-public social media.  In accordance with applicable law, M3AAWG prohibits sexual harassment and harassment because of race, color, gender, age, religion, disability, sexual orientation or any other basis protected by federal, state or local law.

Participants, attendees and staff who are being harassed, intimidated, or are dealing with otherwise improper behavior are encouraged to report it immediately to the M3AAWG Executive Director or other designated Board of Directors officer without fear of repercussion. It is the collective responsibility of everyone to speak up if you witness improper behavior and to report it immediately. You are empowered to politely engage when you or others are treated less than respectful and professional by colleagues.

2. How to get help addressing a violation

   a. Scenario: You feel unsafe

VenueExamples (but not limited to)Action
  • M3AAWG night out
  • Meeting hotel(s)
  • Meeting space
  • M3AAWG related social events
  • Touching or physical contact of any kind that is unwanted
  • Physical or verbal threats of any kind

 
 

  1. Contact local Law Enforcement: In the U.S. dial 911. Outside the U.S. see./health-and-safety
  2. Once you are safe, contact the M3AAWG Executive Director or designated Board Officer to report a Conduct Policy Violation
  3. During the night out, go to the designated Staff table for immediate assistance

   b.  Scenario: You experience or see a Conduct Policy violation that does not require immediate local Law Enforcement assistance

VenueExamples (but not limited to)Action
  • M3AAWG night out
  • Meeting hotel(s)
  • Meeting space
  • M3AAWG related social events
  • M3AAWG calls
  • Electronic communications or social media
  • Sexual harassment or harassment because of race, color, gender, age, religion, disability, sexual orientation
  • Inappropriate language, offensive, insulting or derogatory slurs, comments, remarks or behavior
  • Verbally aggressive, abusive or profane comments
  • Displaying or the electronic transmission of derogatory, lewd, offensive and unwelcomed materials or information

 
 
 

  1. Contact the M3AAWG Executive Director or designated Board Officer to report a Conduct Policy Violation
  2. During the night out, go to the designated Staff table for immediate assistance

 
 
 

3. How to Report a M3AAWG Code of Conduct Policy Violation

   a. Timing: Violation occurs during a M3AAWG meeting

ContactInformation to includeExpectations
  • Names and contact information are provided on the back of the meeting badges and at the registration desk for each meeting. 
  • Call or text Executive Director or designated Board Officer (24x7)
  • Email Executive Director

 
 

  • Name and Company of the violator, if known
  • Date, time and location of the violation
  • What was the violation
  • Other people involved in the incident
  • Any witnesses who would be willing to give a report, if needed
  • Any violations should be reported as soon as possible
  • The Executive Director or Board Officer will speak with you privately or together as appropriate
  • Refrain from discussing the incident with other members while it is under review
  • Violations will be addressed promptly and will include a post incident communication

 
 

    b. Timing: Violation occurs outside one of the three in-person M3AAWG meetings

ContactInformation to includeExpectations
  • Call or text the Executive Director or Designated Board Officer during normal business week / hours (M-F, 9:00 am - 5:00 pm CST)

 
 

  • Name and Company of the violator, if known
  • Date, time and location of the violation
  • What was the violation
  • Other people involved in the incident
  • Any witnesses who would be willing to give a report, if needed
  • Any violations should be reported as soon as possible
  • The Executive Director or designated Board Officer will speak with you privately or together as appropriate
  • Refrain from discussing the incident with other members while it is under review
  • Violations will be addressed promptly and will include a post incident communication

4. Enforcement

Anyone who is found to be in violation of this policy may be  subject to any one or more of  the following remedial actions, depending on the offense:

  • Warning
  • Immediate Removal
  • Meeting Suspension
  • Expulsion
  • Contacting of employer and/or legal authorities

Actions stronger than a warning or immediate removal will be taken at the discretion of the M3AAWG Board of Directors.

M3AAWG reserves the right to remove any participant or attendee at any time for any reason.

5. Social Events

The Conduct Policy also extends outside of the meeting rooms to include all areas of the meeting hotel and social gatherings sponsored by M3AAWG or M3AAWG member organizations.

Member organizations are expected to make sure all their employees and third-party event personnel who attend a social event are aware of and understand our Conduct Policy. All social events should have a designated safe area or designated safe people for addressing violations.  All violations reported at Social Events must be reported to M3AAWG.

Note: You can download this file below.