All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
1
These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
PDF
May 01, 2025
M3AAWG AI Model Lifecycle Security Best Common Practices
This document specifies the best-known common practices, as of publication, for evaluating the security of AI applications and services, whether they are purchased or developed in-house. It aims to ensure that all stages of the AI lifecycle, from data collection to deployment and monitoring, adhere to best practices to mitigate risks, ensure transparency and maintain system integrity. By implementing robust model development and deployment processes and continuously updating AI systems to adapt to changing environments, the guidelines aim to enhance the effectiveness, reliability and security of AI applications and services. This document is intended to offer specific best common practices with clear normative language for these practices aimed at the information technology sector practitioners. This document is intended to augment other current practices from relevant bodies, such as ISO/IEC, the National Institute of Standards and Technology (NIST), the European Telecommunications Standards Institute (ETSI), CEN/CENELEC, and the IEEE. It will be updated to reflect changing technology and aims to support implementers and practitioners, rather than stipulating requirements.
PDF
January 29, 2024
M3AAWG DNS Abuse Prevention, Remediation, and Mitigation Practices for Registrars and Registries
This document is intended to provide concrete best practices for preventing or mitigating malicious or compromised domains at the registry or registrar level. A fundamental gap within the DNS community exists for how registries and registrars can best operationally effectuate anti-abuse mechanisms specific to malicious or compromised domains. M3AAWG hopes this document will help inform relevant DNS stakeholders and promote a safer and more secure DNS ecosystem.
PDF
August 11, 2023
M3AAWG Best Common Practices for Managing Port 25 for IP Networks
This document is an update to our previous "Managing Port 25 for Residential or Dynamic IP Space - Benefits of Adoption and Risks of Inaction" document published in 2005.
Spammers and other abusers often use viruses and spyware as vehicles to assume control over large numbers of computers. By managing the sending of email from devices on their network, providers can reduce the costs of running their business, increase customer satisfaction, and reduce the level of internet abuse associated with their service.
PDF
May 18, 2023
M3AAWG Present and Future of the Public Suffix List
This document describes the PSL, explains its current strengths and limitations, and outlines some possible future enhancements. Most importantly, though, the community must step up and help to make sure it continues to exist.
PDF
May 12, 2023
M3AAWG Ransomware Active Attack Response Best Common Practices
This document addresses the options available if you realize that you are a victim of a Ransomware attack. It explains how to consider risks and alternatives in resolving the recovery and supporting continuity for your business, and how to tackle those issues.