Home Malware

Below are the M3AAWG published materials related to our work on preventing and mitigating malware. There is also a Malware video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.

Best Practices

PDF
August 26, 2015

M3AAWG Mobile Messaging Best Practices for Service Providers - Updated August 2015

These industry best practices are intended to help mitigate the abuse of mobile messaging (i.e., SMS, MMS and RCS), including text messaging and connected services. The guidelines outlined here will assist service providers and vendors in maintaining practical levels of trust and security across an open, globally-interconnected messaging environment. Updated August 2015.

PDF
June 30, 2015

Anti-Phishing Best Practices for ISPs and Mailbox Providers, Version 2.01, June 2015

This document was jointly developed by the Anti-Phishing Working Group (APWG) and M3AAWG with technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses.  It also includes practices to respond constructively when these attacks occur. Version 2.01 updates the anti-phishing best practices originally published in 2006.

PDF
June 08, 2015

Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats

Written in plain language by M3AAWG and the London Action Plan (LAP), Operation Safety-Net outlines the current and emerging threats faced by consumers, businesses and governments with recommended best practices to address these threats. For a brief overview of the document, see the brochure explaining the global depth and breadth of these best practices in the Supporting Documents section from the For the Industry menu tab.

PDF
March 16, 2015

M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

System abuse drains time and revenue for hosting and cloud providers, who must maintain constant vigilance to make sure their systems are not compromised and ensure that their customers are vigilant. This document categorizes types of abuse, suggests appropriate responses and reviews practices for dealing with customers and complaints. It provides current best common practices in use with the hosting, DNS and domain registration provider communities.

PDF
March 13, 2015

M3AAWG Best Common Practices for the Use of a Walled Garden, Version 2.0

These updated best practices outline the criteria for exit, entry, remediation and subscriber education when using a walled garden to remediate virus and bot infections in subscriber devices.

Pages

Public Policy Comments

October 18, 2018

ICANN GDPR and WHOIS Users Survey

A joint survey conducted by the Anti-Phishing Working Group (APWG) and M3AAWG looks at how cyber investigators use WHOIS data and how the European Union’s General Data Protection Regulation (GDPR) has affected their anti-abuse efforts. The letter from M3AAWG and survey are also available on the ICANN site at https://www.icann.org/en/system/files/correspondence/upton-to-marby-et-a...

April 25, 2018

Temporary Access Method for Non-Public Whois Data, and accompanying accreditation policy points

Submitted jointly by the Anti-Phishing Working Group (APWG), M3aawg and First, this document describes a short-term method for authorized parties to access non-public WHOIS data via designated IP addresses.

April 13, 2018

WHOIS Tiered Access and Accreditation Program

M3AAWG submitted these short comments to ICANN stating that an expert group from the Anti-Abuse community should be created to facilitate the certification of qualified applicants from the security field.

July 14, 2016

Using Generic Top Level Domain Registration Information (WHOIS Data) in Anti-Abuse Operations

WHOIS information plays a key role in determining where to report instances of abuse involving domain names. This paper explains some of the important WHOIS elements used to fight spam, phishing, malware distribution and other threats.

Pages

M3AAWG Reports

DM3Z Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

None at this time.

News

Articles About M3AAWG

HTML
October 07, 2019

Technology, law, and the world to protect the Internet: Interview with the standards organization JPAAWG


https://www.atmarkit.co.jp/ait/articles/1910/07/news010.html
Japan Anti-Abuse Working Group (JPAAWG) launched in May 2019 and works with M3AAWG to focus on Internet security in Japan. ITmedia spoke with Mr. Shuji Sakuraba and Mr. Nobuhiro Suemasa of JPAAWG about the group’s work, including collaboration with M3AAWG.

HTML
October 03, 2019

AI’s Place in Preventing Piracy


https://www.cablefax.com/technology/rough-seas-ais-place-in-preventing-piracy
Cable operators are working to prevent disruptions to their networks caused by the streaming of pirated content and DDoS attacks. The article calls out CableLabs’ work with M3AAWG on the DDoS Information Sharing Project.

HTML
October 02, 2019

Is a DMARC policy really right for everyone?


https://www.valimail.com/blog/dmarc-enforcement-for-everyone/
Valimail makes the case for DMARC enforcement and notes that M3AAWG recommends enforcement as a deliverability best practice.

URL
September 03, 2019

Solving extreme email deliverability mysteries


https://postmarkapp.com/podcast/solving-extreme-email-deliverability-mysteries
Anna Ward, Postmark’s head of deliverability, discusses her path to becoming an email deliverability expert and the impact of being a part of the M3AAWG community on her work.

Pages

Subscribe to