M3AAWG is exploring the historical journey that has shaped our organization for two decades. Each month in 2024, the pioneers of M3AAWG will appear in this blog to share our collective story. These are the trailblazers, the innovators, and the champions for action in M3AAWG!
This month’s interview is with Dennis Dayman. He has served on the Board of Directors for many years and in the past chaired the Senders Special Interest Group (SIG). He is currently serving as co-chair on the Public Policy, Abusive Takedown, Program, and Growth and Development committees. He is also an active member of the Awards committee.
Today, Dayman is the Chief Information Security Officer at Code42, a data loss protection, visibility and recovery solution. He chairs the U.S. Department of Homeland Security’s Policy Subcommittee on privacy requirements for information sharing and serves as an advisor to the Data Privacy and Integrity Committee. He is partnered in several ventures in the cybersecurity industry and mentors through programs supporting women in their career development and consulting executives. Dayman brings more than 30 years of experience combating spam, managing security and privacy solutions, conducting data governance and improving data flows.
Here is our interview with M3AAWG pioneer, Dennis Dayman.
How long have you been with M3AAWG?
I’ve been with M3AAWG since its inception in 2004 and just happened to be part of Verizon Online and the initial group that helped put M3AAWG together. Since then, I’ve had many different career roles from ISP’s, to sender platforms, email monitoring companies, to email security companies. Each time changing some of the work I was doing in M3AAWG towards a focus that was of interest and positive impact to that sector I was working in at that time.
What inspired you to engage and contribute to M3AAWG?
The biggest inspiration was helping create a process and ability for companies to be able to share intelligence data with each other in a safe environment. My work started in Newsgroups and Usenet and in my involvement in those also started the process in helping stop abuse issues which sometimes entailed sharing of data with others. When I moved to Verizon Online there was still a bit of dial up process occurring along with the continuing rollout of DSL. Because of the dial-up situation, that led to still having to investigate the source of abuse and or removing of fraudulent accounts. Some of those accounts would jump around the system once we booted them off and in other cases they would move to other providers. That began the need through back channels to notify other abuse personnel at other providers that we just removed an account and sharing of the “identifying” information so others could block these abusers from getting onto their network. The issue became that the attorney’s did not like the fact we were sharing this information with other companies in an “open” manner. Also, in sharing this information a lot of us had to identify best common practices that we would then want to share with others to help in unison stop abuses. One of those documents was the M3AAWG Best Common Practices for Managing Port 25 for IP Networks. At the time, Verizon Online, like many others, had unprotected SMTP relay servers. Spammers would abuse these servers causing us issues within the Internet community. Through M3AAWG inspection the community worked together to publish that document that would benefit all and in such a manner that all had a say.
What would you say M3AAWG’s most important contribution to the industry has been over the past 20 years?
The biggest one would be the global partnerships that we have built and supported over these recent years. Yes, our membership is VERY important to us, but one of the M3AAWG original premises wasn’t to go out and partner directly by region. We recently decided that not only did we want to support our members with meetings, best common practice documents, and much more, but we wanted to share and help other regions that could benefit from our learnings over these years. While we know the Internet knows NO bounds, we know that sometimes regional differences in how they train or have access to security knowledge could defer and in some ways for them not have proper access to these experiences we’ve already gone through as members. So, M3AAWG started to support regional organizations and help them start their own versions of M3AAWG, but with us assisting them and allowing them to run their organizations that best fit their needs. At the same time, we’ve asked and partnered with other existing security organizations to see how we can also assist them and be a part of their communities.
What would you consider to be the biggest change in M3AAWG from its early days to now?
The biggest change was how it was originally focused as an ISP/carrier focused organization and over time has grown to represent many different companies who support the Internet infrastructure and many different vertical spaces of services that consumers use. I recall that time when I left Verizon Online to join a little known company called Strongmail which was a transactional email solution that enabled marketers to take control of branding, content and promotional elements of event-triggered email. What I knew coming out of the ISP space is that I had been teaching senders how to send better email to consumers and that I would be doing the same things at Strongmail, but would want to build a library of best common practices for marketers to know and use. The best way for me to do this was to bring back to M3AAWG an idea in which the organization could help bring together receivers and senders to help define and support this new area to bring to consumers the emails they wanted and to help block out the ones they didn’t, thus defining who a good sender was and what defined a bad sender. At the time Ben Isaacson, my friend and Experian's Privacy and Compliance Leader, and I decided to team up as senders and were able to create back then the Senders special interest group (SIG). Since that time, the group has had many great leaders and documents from it helping M3AAWG members send and receive better email for the benefit of the consumers their services support. Today, M3AAWG members are represented from all different vertical spaces and have created some of the greatest knowledge bases we have today. M3AAWG has decided over these years to become one of the most inclusive groups in the security space.
What would you consider the most significant challenge M3AAWG has faced in its 20-year history?
The biggest challenge has to be how fast technology is moving forward and the speed that consumers adopt and use such technology. With the advent of mobile technologies, not only are consumers using technology at the speed of light, but so are the bad people in using those same technologies to harm the industry and consumers. This usually means we have little time to react to the changes and need to help create knowledge bases on what we need to do and address. Because of this, we regularly review requests for comments or other subject matter experts needs documents to help drive change that doesn’t stifle innovation, but helps build it with security/privacy by design processes. This also means that we constantly need to be looking at the data and sharing information with each other. This means not only do we have our regular face to face meetings, but need to hold calls and discuss via collaboration channels pretty much every day so we can react to the security issues all our members face.
What is one of your best memories or proudest moments with M3AAWG?
Wow, that is a tough one since we meet three (3) times a year in some of the most wonderful places. I have to first say, the places where we have our meetings are some of the most unique and beautiful places to hold our meetings. My family has usually joined us in some of these more unique places and those trips for them and myself have been some of the best. Having the opportunity to see and work with friends and colleagues in these locations are some of the best memories many of us have.
In terms of proudest, it has to be the outcome where M3AAWG published an Objectionable Content Takedown document. Sadly, on 15 March 2019, mass shootings occurred in consecutive terrorist attacks on two mosques in Christchurch, New Zealand. Video’s were illegally live streamed by the shooter and then re-published on social media and other hosting platforms. What occurred after that was nothing, but pure need and luck. One of our partner government agencies had at the time someone posted in New Zealand helping train their teams on some security and other issues. That person was pulled into the issues of stopping the illegally streamed video and removing the hosted content quickly from the Internet. Just so happened I received a call from that person in the middle of the night asking how we can use M3AAWG platforms to notify and work with its members to remove and block the content from members' platforms. We quickly sprung into action sending out alerts and notifications to those in charge of compliance issues at member companies. Since that time, we worked tirelessly and hard to publish guidance to help organizations deal with objectionable content on their networks moving forward. The checklist offers users guidance regarding prioritizing activities, communication with stakeholders, dealing with additional organizations that might also have the content, and investigating how the material got on the network. The document also addresses dealing with employee welfare dealing with these kinds of sensitive situations.
What role has M3AAWG played in your career?
M3AAWG has always played a critical role in my career due to the fact that the industry and vertical spaces we serve are always in flux when it comes to new security and compliance issues arising and at times how the regulatory space might be changing and impacting our businesses. M3AAWG allows me to stay in touch with these issues, participate in them, and at times work with M3AAWG to address them either through best common practices developed by the membership OR filing subject matter expertises to those looking at M3AAWG for thoughts. In most job postings these days we are beginning to see some companies asking for experiences in coalitions and M3AAWG sometimes is one of those that we see from time to time. It’s been a recognized organization lately. Also, the relationships that we garner here are also very important. At times we might need to find a contact at a specific company to address an issue and normally that can be very difficult in the compliance/security space. So being able to use existing relationships we might have from M3AAWG or the membership contact us forms or even just plain asking on our collaboration channels if someone knows someone is always very helpful.
What advice do you have for someone getting started in M3AAWG?
Don’t be shy and get to know others. We all know that it can be overwhelming at times to meet new people in large organizations, but one of the primary benefits to this group are the long life relationships you will garner from it over time. The program offers new attendees options throughout the meetings. Even helping assign someone to you to help direct you through the organization. Also, join a few groups or projects as well. The last W in M3AAWG stands for working and we expect members to participate as much as possible. This is not only good for us, but you as well. This is a safe place in which you can feel free to express yourself, your ideas, and be who you want to be here.
What is your greatest fear/hope for the online security/anti-abuse industry?
That is a tough one. We all joke that by now the spam issue would have been solved by now or we would all be out of the anti-abuse arena work wise by now and yet we keep getting pulled back in over and over. My fear is that we fall behind and don’t serve our clients well. It’s hard to stay up to date on a lot of this and at times can and will burn you out of your career if you are not careful to make good mental choices for yourself. My hope is that we can continue the good fight and continue to improve ourselves and processes so that we don’t leave much wiggle room for the bad guys to exploit. So my hope is that after 20 years, we will see another 20 years here at M3AAWG, see the continued expansion of the organization, to see new ideas come to fruition that help support the charter and ideas we started back then.
People like Dennis Dayman established the foundation for M3AAWG’s efforts, building a legacy of work that has made a significant impact in the fight against online abuse over the past two decades. Dayman, together with M3AAWG peers within the industry, created a trusted network to share diverse skill sets and information that aided in solving problems and creating potent strategies for combating online abuse. We are prepared to develop best practices and techniques to overcome today’s challenges because of the strength of this network. We extend our sincere thanks to Dennis Dayman and recognize that his contributions have helped us to see our future: a world free of online abuse.