Skip to Content

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

Aug 13, 2014

M3AAWG has a long history of featuring diverse keynotes as part of its members-only meetings, with speakers ranging from noted cybersecurity journalist Brian Krebs to General David B. Warner of the U.S. Air Force Space Command (AFSC) to Canadian Privacy Commissioner Jennifer Stoddart, among others.

At the M3AAWG 30th General Meeting in San Francisco last February, members got to hear from another interesting individual, Mr. Ladar Levison. Mr. Levison was the owner/operator of a smaller, privacy-focused email service that was known as Lavabit.  You may never have heard of Lavabit, but it was an encrypted email service used by over 400,000 users, including Edward Snowden, the highly publicized NSA whistleblower.   

Mr. Levinson's keynote address tells the story of what happened to him and Lavabit when the government wanted access to one of Lavabit's customer's email at virtually any cost – including the privacy and security of over 400,000 other users of that service. It is a story that's well worth hearing, regardless of how you may feel about Edward Snowden's own disclosures.   

While many M3AAWG keynotes are limited solely to members, given public interest in all things related to Edward Snowden, M3...

Messaging, Public Policy
Jul 15, 2014

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. The nomination process is simple, open to anyone, and free of charge. To be considered for the October 2014 J. D. Falk Award, nominations must be completed by 5 September, 2014.

This year’s program marks the third presentation of the M3AAWG J. D. Falk Award. Past winners include Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (2013), and FBI Supervisory Special Agent Thomas Grasso (2012). Warner is credited with developing a university lab project into one of the world’s preeminent training programs for cyber intelligence analysts. Grasso led the DNS Changer Working Group, assembling a partnership of industry, government and academic experts to organize a response to a global malware...

Aug 12, 2013

M3AAWG was formed almost ten years ago over concerns that email, one of the Internet’s two “killer apps” at the time, might collapse due to out-of-control volumes of spam. Fortunately today, even with vastly more spam bombarding the networks, our operator members report they’re now able to stop about 90 percent of abusive messages before they reach users’ inboxes, per our email metrics reporting program.

From this real-world perspective, it has become clear that one of the most effective tools in the ongoing fight against spam and malware has been the voluntary adoption of the proven methodologies outlined in industry best practices.  The Internet community’s greatest resource in confronting online threats has always been the dedicated, unsung heroes who successfully battle spammers and other cybercriminals as part of their daily jobs then come together in associations like M3AAWG to share and distribute their knowledge in these documents and white papers.  Like many industry organizations, we have worked hard to foster a trusted, vetted environment suitable for sharing timely threat information and have developed a process to distill industry experience on what works and what doesn’t,...

Public Policy, spam
Jul 12, 2013
Suresh Ramasubramanian's picture

Concerned about malware and spam in India, one of the fasting growing online markets in the world?  Do you have connections with Internet companies in the region or are you associated with an Internet company in India? 

We invite you and your colleagues to the latest Indian Anti-Abuse Working Meeting on August 4 in Mumbai, India, hosted by M3AAWG with sponsorship from Afilias.  This is the second in a (hopefully) long series of working meetings where we at M3AAWG plan to engage closely with our counterparts in the Indian messaging, ISP, data center, cellular carrier and email marketer industries.

The upcoming M3AAWG meeting will be held back-to-back with SANOG (, the largest ISP network operations conference in the South Asian region.  We have an agenda that is being actively developed and includes speakers such as:

·   Animesh Bansriyar, Cloudmark Security Architect, presenting on mobile anti-abuse mitigation...

May 19, 2013

Over the past few years, and particularly these past six months, there’s been an uptick in abused systems and abusive clients taking up residence on systems in hosting and data centers. To expedite a community effort in remediating some of these attacks, we have launched a new M3AAWG Hosting SIG with these initial activities:

  • Developing best practices: Hosting companies have a different business model that demands specific types of approaches, and it is critical to bring together people with expertise and up-to-date experience in the hosting business. We plan to review historical documents as a potential starting point for the discussion on a new set of best practices developed with the full participation of the sector’s stakeholders.
  • Working sessions at upcoming M3AAWG meetings:  We are organizing some Birds of a Feather lunch meetings during the M3AAWG General Meeting this June in Vienna and at our October meeting in Montreal.  We invite interested parties to join us as we begin discussions on the best practices document and in defining future needs. 

We are approaching this important work in true M3AAWG collaborative...

May 07, 2013

Since the public launch of the DMARC specification in January 2012 (, DMARC has become a highly requested topic for discussion and training at M3AAWG meetings. With the benefit of several Round Table and main session tracks at our meetings in San Francisco and Berlin, along with numerous presentations at other industry forums, DMARC experts Michael Adkins and Paul Midgen brought their accumulated experience to the 26th M3AAWG conference in Baltimore in October 2012. 

Their training seminar is a now available as a video series on the M3AAWG website and covers:

  • What is DMARC?
  • Is DMARC right for my domain/users/usage?
  • How do I implement DMARC?

There are sections of the seminar that address the needs of receivers, and others that focus on what senders need to know. The session also covers the reporting aspect of DMARC, which is a key element to allow implementers to gain the insights necessary to safely consider any receiver-actionable levels in the DMARC spectrum.

The two-and-a-half hour training session has been broken up into more manageable lengths for web viewing.  You can find the videos at:...

Syndicate content