The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) 59th General Meeting will take place in Brooklyn, NY, October 9 -12, 2023. Experts in fighting online abuse will provide the latest on emergent technologies and industry research and policies. Members can also join committee working sessions and roundtable discussions to share their expertise. Take a look at what's happening in Brooklyn!

Keynote – Dr. Matthew Dunn: AI Solutions Adopted in Email
Dr. Matthew Dunn, the founder of Campaign Genius, will speak at M3AAWG's 59th General Meeting about the adoption of Artificial Intelligence (AI) solutions in email. With over three decades of experience leveraging the latest technologies to communicate, Dr. Dunn will offer perspectives on the current state of AI as well as a view of the future. Dr. Dunn has been a startup CEO, Fortune 1000 Senior Vice-President and CIO, Microsoft veteran, consultant, technology standards organization Executive Director, and university professor. He guest authored our blog earlier this month, and it's a great read prior to Brooklyn!

Inclusive Leadership – Dr. Brenda J. Allen
M3AAWG and the Diversity and Inclusion Committee are offering members a chance to connect and grow with multiple sessions led by Dr. Brenda J. Allen, Professor Emerita and former Vice Chancellor for Diversity and Inclusion at the University of Colorado Denver and Anschutz Medical Campus
Dr. Allen. will lead the M3AAWG Board of Directors, Committee Chairs, and Expert Advisors in a session titled "Inclusive Leadership." Dr. Allen will also speak to all in attendance during the opening of the meeting and facilitate a discussion on diversity, identity, and communication. And you can check out her guest blog published earlier this month on our website.

The Emerging Regulatory Environment for Artificial Intelligence in the USA
This important session aims to explain how the regulatory environment around AI is shaping up in the U.S. By examining Executive action, enforcement activities, and policy statements from regulators, this session will provide information on rapidly evolving standards.
Speaker: D. Reed Freeman Jr. (ArentFox Schiff LLP)

Phishing Landscape 2023: A Multi-Year Study of the Scope and Distribution of Phishing
Findings and recommendations from Interisle Consulting's 2023 Phishing Landscape report will be presented to include whether phishers were operating at the same registry, registrar, or web hosting services year after year, and how phishing has evolved over a three-year period.
Speaker: Dave Piscitello (Interisle Consulting Group)

ESP Reputation Scores: A Deep Dive
This session will take a close look at the design, development, and implementation of a reputation score at a major Email Service Provider (ESP). The session will also explore the data behind the score and how scores can be used to optimize deliverability, improve abuse detection, and enhance the overall observability of your platform's email traffic.
Speaker: Luke Martinez (Twilio SendGrid)

DANE SMTP in practice (2023)
Domain Name System-based Authentication of Named Entities (DANE) SMTP has been with us for over eight years and continues to grow. This session will review the current state of adoption and discuss implementation strategies and tools to ensure trouble-free operation.
Speaker: Viktor Dukhovni

Towards Data Collection Practices and Metrics for Effective Phishing Website Detection
Public phishing datasets do not reflect today's phishing landscape and lack a common method for creation. This session will explore new data collection methods designed specifically for use with Machine Learning (ML) for phishing website classification. The session introduces four different metrics to compare collection strategies, paving the way to quantitatively evaluate datasets.
Speaker: Gabriel Loiseau (Vade)

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
This discussion explores how email forwarding, and its implementations, can break the implicit assumptions in widely deployed anti-spoofing protocols. Using large-scale empirical measurements of 20 email forwarding services, a range of security issues rooted in forwarding behavior were identified. These issues can be combined to evade existing anti-spoofing controls.
Speaker: Enze "Alex" Liu (UC San Diego)

Two Case Studies in Identifying Risk: Social Media and Financial Apps
The first case study describes the online social media environment as the de facto town square where we engage in discussion with friends and family, shop, and find news. These engagements may include abusive messages. Current methods for identifying abusive messages will be presented, along with findings from current research.
The second case study looks at the growing role digital technologies play in exacerbating financial abuse for survivors of intimate partner violence (IPV). Advanced technological attacks are rare in IPV cases, as abusers are usually bound by standard user interfaces (UI-bound). This presentation provides a six-step approach to identify focus areas and determine the capacity to facilitate UI-bound attacks.
Speaker: Damon McCoy (New York University)

DMARC - State of the State Debate
It has been 10 years since the Domain Message Authentication Reporting and Conformance (DMARC) work was first brought to the Internet Engineering Task Force (IETF) with hopes of standardization. As the DMARC document nears completion, discussions are still taking place on how issues will be addressed. The speakers on this panel will lay out the arguments, not only speaking to the technical issues but also explaining the policies and principles that underlie the decisions the IETF is undertaking.
Debaters: Pete Resnick (Episteme Technology Consulting LLC); Seth Blank (Valimail)

Raising the Bar: How Changes to Authentication Requirements and Standards Affect the Email Ecosystem
Mailbox providers are taking stronger stances around what authentication is required before mail can be delivered to users. They are expected to continually raise the bar. While authentication is foundational to abuse prevention, it is not yet broadly deployed. This panel will assume you already understand why authentication is important and explores what the receivers are doing to raise the bar, and what you need to know to avoid being caught on the wrong side.
Speakers: Alex Brotman (Comcast); Lili Crowley (Yahoo); Emanuel Schorsch (Google)

What Malware Does When We're Not Looking, and What This Means For Anti-Malware Tools
The first large-scale study of malware samples that change their behavior when executed on different hosts or at different times will be presented, using data from 5.6 million hosts. The presenters demonstrate how malware with such "split personalities" may confound the current techniques for analysis and detection. Unique insights will be shared that illustrate what the security industry can gain by monitoring malware behavior ethically and at scale, on real hosts.
Speaker: Tudor Dumitras

PTR Naming Conventions
This is a follow-up session to the ORT discussions in Dublin covering DNS pointer record (PTR) naming conventions and if there is a need for a standard to be reviewed. The discussion could cover a range from Message Transfer Agents (MTAs) to Mail Exchanger (MX), to web hosts and Virtual Private Servers (VPS).
Speaker: Steven Champeon (Enemieslist)
 

More than 50 Sessions at the 59th General Meeting

M3AAWG will host over 50 sessions in Brooklyn. Members can find the entire agenda and registration link on the M3AAWG Upcoming Meeting page. Registration closes October 4, 2023, at 5:00p.m. PT.

Members are invited to join the global trusted forum that brings the industry together to help fight and prevent online abuse at our 59th General Meeting! Members and non-members are invited to submit topics for future meetings at https://www.m3aawg.org/submissions.

Full meeting agendas are confidential for M3AAWG members. Permission was granted by session speakers to promote the sessions described here.