All the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
These best practices and papers represent the cooperative efforts of M3AAWG members to provide the industry with recommendations and background information to improve messaging security and protect users. M3AAWG best practices are updated as needed and new documents are added as they become available.
M3AAWG Email Anti-Abuse Product Evaluation Best Current Practices, Updated March 2019
Outlining practices used during trial evaluations of messaging anti-abuse products or services, this document provides recommendations on processes and techniques to accurately determine a particular solution’s effectiveness. The March 2019 version includes recommendations affected by newer technology, such as cloud services, and other updates.
Configuring Human Readable Delivery Status Notifications (DSN), updated 2019
A discussion on improving non-deliverability status notices to better identify abuse issues, this document has been updated with minor changes for clarity and to simplify the text.
M3AAWG DKIM Key Rotation Best Common Practices, March 2019
To minimize the risk of active DKIM keys being compromised, they should be changed frequently. This document was updated in March 2019 and discusses why keys should be rotated, how frequently they should be rotated, and suggests the best common practices for doing so.
M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1
Cyber criminals are increasingly turning to Web-based messaging systems to transmit their content. Yet, there are many techniques to prevent or mitigate these attacks and this document details the Best Common Practices for protecting these messaging systems. This Version 1.1 has been updated additional suggestions for managing the collection, storage and indenxing of data, a new section on multifactor authentication and other changes.
M3AAWG Border Gateway Protocol (BGP) Flowspec Best Practices
Flow Specification (Flowspec) is a new type of Network Layer Reachability Information (NLRI) for the BGP routing protocol. It was originally developed to help mitigate DDoS attacks but its use has expanded to numerous other applications.