M3AAWG actively seeks to provide the necessary technical and strategic guidance to protect end-users’ online experience as government, Internet and public policy agencies worldwide develop new Internet policies and legislation. Working to reduce the spread of spam, bots and malware, M3AAWG has submitted comments on these proposals:
M3AAWG has submitted comments on the Further Notice of Proposed Rulemaking (FNPRM), Federal Communications Commission (FCC) 22-72, CG Dockets No. 21-402 concerning Targeting and Eliminating Unlawful Text Messages and No. 02-278 concerning Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991 released on March 17, 2023. M3AAWG is urging the FCC to defer to the industry’s demonstrated technical expertise in managing unwanted and illegal messaging.
M3AAWG has submitted Comments focused on technical recommendations in response to the UK government's request for Review of the Computer Misuse Act 1990: consultation and response to call for information. These comments provide recommendations supporting efforts to tackle online abuse and cybercrime while respectfully urging the UK government to liaise with key security and anti-abuse groups including M3AAWG and its partner organizations as well as key UK-based and international industry stakeholders.
The Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) has submitted comments in response to the National Institute on Standards and Technology (NIST) Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework (CSF Concept Paper), released on January 19, 2023. As discussed in the Comments, M3AAWG generally supports the proposals outlined in the CSF Concept Paper. However, M3AAWG urges NIST to consider the impact of proposals that could potentially dilute the usefulness of a framework originally developed to focus on critical infrastructure cybersecurity risks and needs.
Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) supports the U.S. Federal Trade Commission’s (FTC) proposed rulemaking as part of its current mission in protecting the public from deceptive or unfair business practices to include a critical role in protecting consumers from ongoing and increasing impersonation schemes targeting businesses and governments alike. M3AAWG suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation. M3AAWG notes that the investigation of impersonation schemes requires cooperation and information from many entities. Specifically, WHOIS information is vital to the investigation of impersonation scams. The Comment identifies best practices to tackle impersonation scams, including the validation of commercial senders, DNS mitigation steps, and adoption of trusted notifier relationships to facilitate abuse reporting.
M3AAWG states that while spoofing is common in U.S. voice communications, originating number spoofing is extremely rare in U.S. text messaging, and the originating service provider is also almost always well known. This is due to voluntary industry agreements and operational checks currently in place in the U.S. These voluntary agreements and checks are effective - they ban and block the delivery of messages from not only spoofed but also invalid, unassigned, and unallocated phone numbers. M3AWWG's comments explain how the industry's current anti-spoofing safeguards work and state that they are effective.
