Skip to Content
Home » DM3Z

DM3Z
Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

May 19, 2013
Announcing New Hosting SIG to Tackle Abuse Issues
by Michael O'Reirdan

Over the past few years, and particularly these past six months, there’s been an uptick in abused systems and abusive clients taking up residence on systems in hosting and data centers. To expedite a community effort in remediating some of these attacks, we have launched a new M3AAWG Hosting SIG with these initial activities:

  • Developing best practices: Hosting companies have a different business model that demands specific types of approaches, and it is critical to bring together people with expertise and up-to-date experience in the hosting business. We plan to review historical documents as a potential starting point for the discussion on a new set of best practices developed with the full participation of the sector’s stakeholders.
  • Working sessions at upcoming M3AAWG meetings:  We are organizing some Birds of a Feather lunch meetings during the M3AAWG General Meeting this June in Vienna and at our October meeting in Montreal.  We invite interested parties to join us as we begin discussions on the best practices document and in defining future needs. 

We are approaching this important work in true M3AAWG collaborative...

Read more…
Leave a comment
abusive hosting clients, best practices, hosting
best practices, Hosting SIG, meetings, Montreal, new work, Vienna
May 07, 2013
Hands-On with DMARC (Domain-based Message Authentication, Reporting & Conformance)
by Kurt Andersen

Since the public launch of the DMARC specification in January 2012 (http://www.dmarc.org), DMARC has become a highly requested topic for discussion and training at M3AAWG meetings. With the benefit of several Round Table and main session tracks at our meetings in San Francisco and Berlin, along with numerous presentations at other industry forums, DMARC experts Michael Adkins and Paul Midgen brought their accumulated experience to the 26th M3AAWG conference in Baltimore in October 2012. 

Their training seminar is a now available as a video series on the M3AAWG website and covers:

  • What is DMARC?
  • Is DMARC right for my domain/users/usage?
  • How do I implement DMARC?

There are sections of the seminar that address the needs of receivers, and others that focus on what senders need to know. The session also covers the reporting aspect of DMARC, which is a key element to allow implementers to gain the insights necessary to safely consider any receiver-actionable levels in the DMARC spectrum.

The two-and-a-half hour training session has been broken up into more manageable lengths for web viewing.  You can find the videos at:...

Read more…
Leave a comment
authentication, DMARC, Training, video
Training
Oct 17, 2012
Abuse Contacts in the RIR’s WHOIS - Solved?
by Tobias Knecht

The idea of informing network owners’ abuse departments about malicious incidents is not new, but still a very effective and the most inexpensive way of letting people in charge know that there is something wrong in their own network (http://www.ietf.org/rfc/rfc2142.txt).  Actually, it is one of the best methods to help enforce security on the Internet in a self-regulating way.  The industry has propagated data sharing and global reporting of spam and other network incidents for years, yet has often been struggling due to the inability of finding the responsible points of contact in the RIR’s (Regional Internet Registry’s) WHOIS.

For example, the automatic and manual discovery of an abuse contact for a RIPE registered number resource is not really an easy task these days. The logic you need to parse through all the related WHOIS objects is sometimes more than inconvenient. There are too many possible places where an abuse contact can be published. It can be an IRT Object (Incident Response Team) or maybe an abuse-mailbox attribute in an IRT Object, or in any other object or even in a remark field in any given object. Since one resource can have more than one object, it happens that you get more...

Read more…
Leave a comment
Abuse Reporting, RIPE, WHOIS
Oct 16, 2012
You Are Now Entering the Disabuse Messaging, Malware and Mobile Zone
by Jerry Upton

We have a saying in M3AAWG:  What goes on at M3AAWG, stays in M3AAWG.  Anyone who has attended one of our meetings knows that we work hard to create an environment of respect and confidentiality.  We see our organization as a forum where the anti-abuse industry can come together to address both current and evolving issues in a candid, productive dialogue. 

Yet, much of what we do in M3AAWG is also publicly accessible.  We make our technological expertise widely available to the industry in the commentary we provide on government and public policy initiatives. We partner and participate in other industry organizations, such as the U.S. FCC’s CSRIC, where many of our members were deeply involved in creating the first voluntary code for ISPs, the Anti-Bot Code of Conduct for Internet Service Providers (ABCs for ISPs). We contribute to global best practices and support anti-abuse efforts worldwide, such as a major presentation on bot issues M3AAWG Chairman Michael O’Reirdan made to the Organisation for Economic Co-operative Development (OECD) in 2011, with a second...

Read more…
Leave a comment
bots, cybersecurity, malware, spam
M3AAWG, MAAWG

The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.

Syndicate content