Oct 29

San Francisco, Oct. 28, 2008 – Focusing on the urgent problems of identifying and removing botnets from end users’ systems and preventing other online exploitation, the Messaging Anti-Abuse Working Group (MAAWG) initiated several new projects at its third meeting of the year. The new work represents important steps forward in cooperative industry efforts to protect end users by addressing the safe mitigation of botnets, ISP migration to IPv6, detection and reporting of compromised hosts, Web messaging abuse and other outbound abuse. The progress of these projects and other ongoing work will be reviewed at the 15th MAAWG General Meeting on February 17-19 in San Francisco, Calif.

“Botnet mitigation is exceedingly important in protecting end users from abuse and in maintaining a trusted online environment. MAAWG is aggressively responding to this rapidly growing threat,” said Michael O’Reirdan, MAAWG chairman.

“At the same time, we’re also continuing our day-to-day block and tackle work on authentication, feedback loops, abuse reporting and other topics.  They are all weapons in our armory,” O’Reirdan said.

“Bots” and “zombies” are computers infected with malicious code spread via contaminated emails, instant messages or Web sites and installed without the user’s permission. The bots often are coordinated into covert networks used to send spam, or “botnets,” that can comprise hundreds of thousands of unsuspecting computers. Users with polluted machines are generally unaware their systems are sending the abusive email, and among other threats, the malware might also capture users’ sensitive information for use by identity thieves.

The new and ongoing work to address botnets and other abuse issues from the MAAWG meeting held Sept. 22-24 in Ft. Lauderdale, Fla. included the formation of:

•    A botnet mitigation subcommittee that will develop best practices to safely remove malware from unsuspecting users’ computers
•    A subcommittee reviewing a novel method by which senders of solicited bulk email can detect that individual subscribers may have been infected by malware, and automatically report their suspicion to that subscriber’s ISP
•    An IPv6 and botnets subcommittee researching how IPv6 will impact botnet detection
•    A migrating to IPv6 subcommittee developing best practices for upgrading a messaging infrastructure
•    New working groups formed to address security issues in Web messaging and other outbound abuse
•    In addition, domain registrars are invited to comment on the current Registrars best practices draft by contacting MAAWG through its Web site: www.MAAWG.org

MAAWG is the largest industry organization uniting ISPs, mailbox providers and vendors from around the world against online abuse. The three-day, multi-track February meeting will feature panels, keynote speakers and open discussions with public policy representatives on tackling the increasing volumes of toxic abuse that endanger users and the industry.  Information on the meeting and on MAAWG is available at www.MAAWG.org.

Jun 25

SAN FRANCISCO, June 25, 2008 – Network operators and ISPs from around the world have cooperated on two new best practice papers addressing technical issues that will help block botnet-induced spam and improve the deliverability of consumers’ personal emails.  The recommendations for sharing IP address space and for email forwarding were approved at a Messaging Anti-Abuse Working Group (MAAWG) meeting in Heidelberg, Germany last week and are available today.

“MAAWG Methods for Sharing Dynamic IP Address Space Information with Others” resolves a concern heightened by the proliferation of botnets, which often use dynamic addresses to send spam.  The paper describes four approaches to make these addresses more easily obtainable by mailbox providers and includes a discussion of the advantages and disadvantages of each.

The methods in the paper “MAAWG Recommendations: Email Forwarding Best Practices” will help ISPs distinguish legitimate consumers using a forwarding service from spammers.  It outlines practices to improve cooperation between volume forwarders and network operators to avoid unintentionally blocking valid accounts because of abusive incoming mail.

Help Distinguish Legitimate from Potentially Criminal

The address sharing recommendations were developed to assist mailbox providers that do not accept email sent from dynamic IP addresses. While most consumers connect to the Web through modems using a dynamic address, their email is usually funneled through their ISP’s mail server, which has a static (non-changing) IP address. But when a bot invades a consumer’s computer, it often bypasses the ISP’s mail server so that the resulting spam comes directly from the user’s dynamic address. Identifying the ranges of network addresses that each ISP has assigned as dynamic addresses, so that mailbox providers can identify and cut off botnet-induced spam, has been a complex and difficult process.

“There have been industry discussions about sharing dynamic IP addresses for years, and even some proposals, but this paper represents the first time a sizeable group of ISPs have come together to agree on how to do it.  The recommendations are another necessary step toward helping mailbox providers eliminate spam originating from botnets before it hits users’ inboxes,” said J.D. Falk, MAAWG Board member and Return Path director of product management.

The forwarding best practices also provide technical recommendations to improve communications between sending and receiving entities.  Many mailbox providers and institutions offer consumers either a permanent email address or a short-lived, temporary address set up so that messages are forwarded to consumers’ underlying ISP account.  Over time, these addresses may receive and forward a significant volume of junk mail, causing the user’s ISP to conclude that the forwarding service is a spam source and block all incoming mail from that service.  The MAAWG paper outlines steps forwarders can implement to improve deliverability and speed problem resolutions, such as separating sending and forwarding server functions. Practices for receivers include posting policies on the Web and recognizing IP space designated for forwarding.

Jordan Rosenwald, co-editor of the forwarding paper and Comcast manager of anti-abuse technologies, said, “Any address will attract some spam and incoming traffic from a forwarded account that has been in use for years can look like a deluge of spam, causing an ISP to block it.  Spammers also are developing new ways to use forwarded email to their advantage, so the steps outlined in this paper will provide savings for both forwarders and receivers, but more importantly, can help protect consumers from being unnecessarily and unintentionally blocked.”

Both papers are available at no cost from the MAAWG Web site, www.MAAWG.org. They were finalized at the MAAWG 13th General Meeting, which was attended by over 230 abuse and privacy professionals from ISPs, email providers and vendors representing 18 countries. The trade association’s final meeting for 2008 will be Sept. 22-24 in Fort Lauderdale, Fla., and will include working sessions and expert speakers on a variety of topics including botnets and increasing worldwide anti-abuse cooperation.

Apr 24

San Francisco, April 22, 2008 – The Messaging Anti-Abuse Working Group (MAAWG) has released version 2.0 of its Senders Best Communications Practices defining how volume email senders can improve the deliverability of legitimate e-newsletters and permission-based e-marketing. The recommendations, originally issued last year as one of the first collaborative efforts between network operators and volume senders worldwide, have been updated to address new forms of spam and to clarify permission options.

Available today at the MAAWG site www.MAAWG.org, the updated best practices include new guidelines to help legitimate email avoid being mistaken for image-based junk mail, which has become a popular spamming technique. List permission and opt-in recommendations have been amended to reflect current practices, and recommended user-unsubscribe processes are clarified, along with other updates to the document, according to Dennis Dayman, MAAWG senders committee co-chair and Eloqua Corp. chief privacy officer.

“The MAAWG senders best practices are intended to help protect users’ online experience by improving industry cooperation and communication. For example, in this update we advise e-marketers not to embed unsubscribe instructions in an image or icon, as many users’ systems will automatically block the message or not display the icon,” Dayman said.

Originally issued by MAAWG last year, the best practices were developed through the cooperative effort of the industry’s largest ISPs, network operators and vendors. The original practices also were endorsed by other trade associations, such as CAUCE (Coalition Against Unsolicited Commercial Email), an organization that represents Internet users and email recipients.

Apr 01

San Francisco, April 1, 2008 – Setting the stage for a better understanding of sender authentication as a technology to combat junk email, the Messaging Anti-Abuse Working Group (MAAWG) has released a new white paper describing the practice as a foundation for protecting legitimate Internet mail. “Trust in Email Begins with Authentication” provides an overview of the technology by focusing on the standardized mechanisms in general use today, Sender Policy Framework (SPF), Sender IDentification Framework (SenderID), and DomainKeys Identified Mail (DKIM).

“Authentication mechanisms can help distinguish legitimate email from spam.  When used as part of a multi-faceted anti-abuse program, it is an important tool to help protect business brands from forgery and phishing attacks,” said Dave Crocker, the MAAWG senior advisor who edited the paper and principal at Brandenburg InternetWorking.

Email authentication mechanisms are used to validate the identity of an email’s sender, stifling would-be spammers who often forge the “From” field in an email message to avoid detection.  The executive summary of the MAAWG paper provides an overview of how authentication can be used to protect email and is intended for general business managers.  The main body provides more detail on SPF, SenderID, and DKIM mechanisms and is intended for technical readers familiar with basic Internet mail service.

“Trust in Email Begins with Authentication” is available at no cost at the MAAWG Web site, www.MAAWG.org.

Mar 10

San Francisco, March 10, 2008 – Initiating a dialogue with ISPs on how to protect social sites from exploitation, Craig Newmark, founder of Craigslist, asked network operators to trust that users will voluntarily report abuse and to cooperate with sites in building a safe online environment at the Messaging Anti-Abuse Working Group (MAAWG) general meeting in San Francisco held Feb. 18-20. Over the course of the event, MAAWG committees completed a white paper on email authentication and updated best practices for volume email senders, both of which will be released to the industry within the next few weeks.

A new subcommittee formed at the meeting began work focusing on DNS abuse and port 53 management, and the event also featured panels and committee discussions on filtering, monitoring outbound traffic, and other topics, according to Jerry Upton, MAAWG executive director. The MAAWG 12th General Meeting, attended by 300 industry professionals from over 20 countries, was the first of three meetings the organization will have this year to advance the technology, public policy and collaborative work necessary to fight messaging abuse and spam.

The organization’s 2008 officers also were named at the meeting with Michael O’Reirdan, a distinguished engineer in national engineering and technical operations at Comcast, elected MAAWG chair. MAAWG vice-chairs for the year are Jonathan Curtis, sr. security architect, technology development at Bell Canada; and Charles Stiles, Goodmail Systems vice president of worldwide business development. Laurie Jill Wood, director of enterprise security at Charter Communications, continues as treasurer. All have been actively promoting cooperation among ISPs and vendors.

On the social networking panel, Newmark stressed the value of trusting users to report abuse of his or any other popular site, a theme reiterated by the other panelists from Google and Six Apart. At the same time, Newmark recognized the need for increased collaboration between ISPs and socially oriented sites to improve the experience for all users.

The social networking panel was one of more than 25 sessions and committee meetings organized during the event. The discussions between ISPs and social networking site operators will continue at the upcoming 13th MAAWG General Meeting, June 10-12 in Heidelberg, Germany, along with presentations on vital technical and public policy issues. More information is available at the MAAWG Web site, www.MAAWG.org.

Feb 05

San Francisco, Feb. 5, 2008 – The London Action Plan (LAP), an important coalition of public and private entities from 27 countries cooperating on international spam law enforcement, has invited the Messaging Anti-Abuse Working Group (MAAWG) to join the alliance. MAAWG is a global association of network operators, email providers and vendors, and will work to support LAP efforts to strengthen international cooperation in fighting spam and other online abuse.

“MAAWG is a key international venue for sharing and improving on the most effective techniques to combat online abuse, spam and fraud. MAAWG’s participation in the London Action Plan further advances the global cooperation between public agencies and private industry that is essential to protect consumers and commerce,” said Hugh Stevenson, Deputy Director for International Consumer Protection in the Office of International Affairs at the U.S. Federal Trade Commission, one of the agencies serving as LAP’s Secretariat.

LAP members cooperate on cross-border spam-related matters, as permitted within the laws of their respective countries. The effort grew out of a 2004 meeting to develop a cooperative program furthering the work of various international organizations addressing these issues, including the Organisation for Economic Cooperation and Development (OECD) and the OECD Spam Task Force, the International Telecommunications Union (ITU), the European Union (EU), the International Consumer Protection Enforcement Network (ICPEN), and the Asia-Pacific Economic Cooperation (APEC).

The newly appointed MAAWG Public Policy Chair, Susan Israel of Comcast, said, “Online abuse now flows seamlessly and consistently across borders everywhere. An important aspect of MAAWG is building the cooperative relationships between our members, who are private-sector industry leaders, and public agencies worldwide to better address these problems. Working with LAP is an important milestone in this effort.”

LAP and the European Union’s Contact Network of Spam Authorities co-located their most recent joint meeting in October 2007 in Washington, D.C. with the MAAWG 11th General Meeting. MAAWG will hold its next members-only meeting of about 300 industry professionals in San Francisco on Feb. 18-20. The meeting will feature both open discussion and expert presentations on abuse abatement, public policy issues, sender authentication, reputation management, and understanding the end-user experience. Details are available at www.MAAWG.org.

Jan 24
February 18, 2008 to February 21, 2008

The ITU Regional Workshop on Frameworks for Cybersecurity and CIIP and related Cybersecurity Forensics Workshop will be held in Doha, Qatar, 18-21 February 2008. The workshop is being hosted by ictQATAR and organized in collaboration with Q-CERT, the Qatar National Program for Information Security. More detailed information on the workshop can be found on the event website at www.itu.int/itu-d/cyb/events/2008/doha/. The workshop aims to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, to share information on development activities being undertaken by ITU as well as other entities, and to review the role of various actors in promoting a culture of cybersecurity.

The workshop, one in a series of regional events organized by ITU-D, is being held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity. See the workshop website for more details.

Jan 09

The U.S. Federal Trade Commission (FTC) recently released a staff report summarizing the findings of the FTC’s Spam Summit held in July 2007 and also announcing the results of an email harvesting and anti-spam filter study. The news release and copy of the text of the report can be found at <http://www.ftc.gov/opa/2007/12/spam.shtm>.

Dec 07
February 18, 2008 to February 20, 2008

MAAWG will hold its 12th general meeting from February 18-20, 2008 at the Intercontinental Mark Hopkins in San Francisco. Access is limited to members and invited guests.

Nov 27

San Francisco, Nov. 27, 2007 – A summary of the most effective abuse desk best practices from MAAWG service providers was compiled for general industry use at the latest Messaging Anti-Abuse Working Group members-only meeting. The three-day working conference also featured a keynote address from the U.S. Federal Trade Commission chairman, joint-working sessions with cooperating international anti-spam organizations, and progress on recommended email authentication practices.

The meeting held last month in Washington, D.C., brought together almost 250 MAAWG members and 70 participants from the LAP (London Action Plan) and CNSA (the EU Contact Network of Spam Authorities created by the European Commission) representing over 20 countries. Significant progress on collaborative and technical measures to combat online abuse globally was made during the 21 sessions held Oct. 8-10, including:

• A summary of the best abuse desk procedures was compiled from MAAWG member ISPs and email providers and is now available to the industry. The MAAWG Abuse Desk Common Practices provides insight into the processes that have proven most effective in educating customers, reducing email abuse problems, and developing knowledgeable abuse desk employees. It can be downloaded at the organization’s Web site www.MAAWG.org.

• Work continued on an email authentication white paper edited by David Crocker, MAAWG senior technical advisor and principal with Brandenburg InternetWorking. MAAWG sees authentication as an important technology to reduce spam and phishing emails. The paper will offer a basic introduction to email authentication for management staff and then discuss technical concepts and choices in more detail for software developers and network engineers.

• A new subcommittee was created focusing on email forwarding issues to be chaired by Jay Opperman of Comcast. The group will create a best practices document which will include recommendations and guidelines for filtering, authentication and reputation policies to increase the quality of mail delivered to the end recipient.

• The MAAWG Technical Committee began work on defining reputation management terms. This is the first step in creating an industry-wide dialogue on generally accepted practices to measure senders’ reputations and improve deliverability of “false positive” emails. Mike Adkins of AOL, Pat Petersen of Ironport Systems, and Chris Roosenraad of Time Warner Cable also were elected MAAWG Technical Committee co-chairs.

FTC Chairman Deborah Platt Majoras announced in her Oct. 10 speech at the meeting the first law enforcement action in which the FTC employed the U.S. SAFE WEB Act to share information with foreign partners, resulting in a temporary restraining order against the principals behind an international spamming enterprise that fraudulently marketed anti-aging and weight loss products. The LAP (www.londonactionplan.com) and CNSA co-located with MAAWG and held special training and other conference sessions for their members.

The second quarter 2007 MAAWG Email Metrics Report was reviewed and has been released since the meeting. This quarterly report is compiled by ISP and email service provider members to help the industry understand the current volume of abusive email and spot trends. A training session on the new MAAWG Abuse Contact Database that allows members direct communications with each other to address reputation and abuse issues also was held at the meeting.

MAAWG has scheduled three meetings next year, with activities continuing in its technical, collaboration and public policy committees between the events. The 2008 February meeting in San Francisco, June meeting in Heidelberg, Germany, and September meeting in Miami, Florida, are open to members only. Information on the organization and future meetings is available at www.MAAWG.org.