- M3AAWG Messaging playlist on YouTube
- Selected Training Videos (also available on www.youtube.com/maawg)
- Selected Keynote Videos (also available on www.youtube.com/maawg)
1
Below are the M3AAWG published materials related to our messaging anti-abuse work. There is also a Messaging video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
Best Practices
PDF
February 07, 2016
M3AAWG Unicode Abuse Overview and Tutorial
Provides background on the use of Unicode characters in the abuse context with a tutorial on the options to curtail that abuse.
PDF
January 31, 2016
M3AAWG Initial Recommendations for Using Forward Secrecy to Secure Data
Opportunistic encryption is one step in protecting email traffic between messaging providers but it might not be sufficient unless forward secrecy is also employed for the connection. This document explains why forward secrecy is necessary and provides guidance for implementing it.
PDF
August 26, 2015
M3AAWG Mobile Messaging Best Practices for Service Providers - Updated August 2015
These industry best practices are intended to help mitigate the abuse of mobile messaging (i.e., SMS, MMS and RCS), including text messaging and connected services. The guidelines outlined here will assist service providers and vendors in maintaining practical levels of trust and security across an open, globally-interconnected messaging environment. Updated August 2015.
PDF
July 08, 2015
M3AAWG Initial Recommendations for Addressing a Potential Man-in-the-Middle Threat
Even though opportunistic encryption protects messages during transmission from sender to receiver, it is still possible for a Man-in-the-Middle (MITM) attacker with a self-signed certificate to impersonate the intended destination. This brief document describes the MITM situation, outlines various methods bad actors can use to conduct MITM attacks, covers components for deterring these attacks and introduces DANE (DNS-based Authentication of Named Entities), a new technology to assist messaging providers in validating they are communicating with an intended destination when using SSL/TLS.
PDF
June 30, 2015
Anti-Phishing Best Practices for ISPs and Mailbox Providers, Version 2.01, June 2015
This document was jointly developed by the Anti-Phishing Working Group (APWG) and M3AAWG with technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses. It also includes practices to respond constructively when these attacks occur. Version 2.01 updates the anti-phishing best practices originally published in 2006.
Pages
Public Policy Comments
September 17, 2010
MAAWG Comments on National Broadband Plan Recommendation to Create a Cybersecurity Roadmap
MAAWG comments were submitted in response to U.S. Federal Communications Commission recommendations in September 2010.
The U.S. FCC’s Public Safety and Homeland Security Bureau (PSHSB) requested comment on the creation of a Cybersecurity Roadmap. The plan would identify vulnerabilities to communications networks or end-users and develop countermeasures and solutions in preparation for, and response to, cyber threats and attacks in coordination with federal partners.
July 19, 2010
MAAWG Response to National Strategy for Trusted Identities in Cyberspace
MAAWG offered comments on the U.S. Department of Homeland Security’s strategy in July 2010
The U.S. Department of Homeland Security’s draft plan is focused on maintaining a secure cyberspace, which is critical to the health of the economy and national security. It outlines how the federal government might address the recent and alarming rise in online fraud, identity theft, and misuse of information online.
March 31, 2010
MAAWG Comments on ARIN Draft Policy 2010-3 “Customer Confidentiality”
MAAWG submitted comments in March 2010. As recommended by MAAWG and others, ARIN changed course on this topic.
The initial draft policy would have allowed ISPs to hide the true customer of a domain name. The revised Version 2 policy that was implemented recognized the need for the customer name to remain in the SWIP and RWHOIS information.
Pages
M3AAWG Reports
DM3Z Blog
Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group
None at this time.
News
News Releases
HTML
May 21, 2010
MAAWG Provides Free Messaging Security Training: Releases DKIM Implementation Tutorial By Leading Experts, Invites Industry to Previously Closed Training Courses
HTML
May 18, 2010
MAAWG Hosts GSMA Security Group in Europe Industry Meeting Attacks Spam Across Platforms, Promotes International, Industry-wide Cooperation
Pages
Articles About M3AAWG
PDF
September 22, 2016
News from Identifier Technology Health Indicators (ITHI)
https://www.icann.org/news/blog/news-from-identifier-technology-health-i...
. . ."First, ICANN will organize another ITHI workshop at the M3AAWG meeting in October in Paris."
PDF
June 08, 2016
EXPERTS TO FCC: CHANGE COURSE ON BROADBAND PRIVACY RULES INDUSTRY GROUPS AND EXPERTS AGREE: THE FCC MUST CHANGE COURSE ON BROADBAND PRIVACY
Fixed Wireless Internet Service Providers Association
http://www.wispa.org/News/wispa_news_06-08-16_Experts_to_FCC
"A coalition of industry groups including WISPA, CTA, CTIA, and US Telecom today published a joint article in opposition to the FCC’s proposed new rules for broadband privacy protection . . . The Messaging, Malware and Mobile Anti-Abuse Working Group similarly warned that the rules as currently framed could inadvertently undermine cooperation and communication needed to secure the web from malware, viruses and hackers online. . . "
Pages
Videos
