StopSpamAlliance.org

San Francisco, Jan. 28, 2010 – With the participation of some of the industry’s largest ISPs, email providers and Internet companies, the Messaging Anti-Abuse Working Group (MAAWG) is focusing on how to better protect the end user from spam, bots and other messaging exploitations during its February meeting in San Francisco.  The three-day, multi-track event will feature experts from Google, Mozilla, Microsoft, all the major anti-virus vendors, social networking sites, and anti-spam researchers, among others.

The first of three MAAWG meetings this year, the goal of the Feb. 16-18 event is to encourage a frank discussion and share innovative techniques to better safeguard consumers, according to Michael O’Reirdan, MAAWG chairman.  MAAWG meetings are organized around a series of roundtables, expert presentations on groundbreaking work, and closed-door discussions on sensitive anti-spam issues.

Among the topics to be addressed at the meeting are:

• Web browser security
• The future of desktop and device email clients
• Domain registrar account security, such as problems that enabled the recent attack against a Chinese search engine
• Authentication and DKIM
• Wireless messaging abuse
• Bulk-email senders practices
• Initial results of the 2010 consumer email survey, expanded to cover both North America and Europe

The MAAWG ISP Closed Colloquium (ISPCC), held each day of the meeting, provides an opportunity for network operators to address confidential issues in private.  This session will be opened to all meeting participants the last day of the event, providing a unique opportunity for dialogue among ISPs, bulk senders and vendors.  Other MAAWG committee work will continue on best practices and white papers related to IPv6, port 53 issues, and feedback loops.  Financial Times journalist Joseph Menn will share his research into DDOS espionage, the basis of his new book Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

MAAWG meetings are open to members and invited experts only.  Registration and meeting information is available at www.MAAWG.org.

San Francisco, Dec. 17, 2009 – Bolstering industry cooperation against malware, bots and spam, the Messaging Anti-Abuse Working Group (MAAWG) has formalized new liaison relationships with the international standards body IETF (Internet Engineering Task Force), and BITS, the technology policy division of the Financial Services Roundtable representing 100 of the largest U.S. financial institutions providing banking, insurance, and investment products and services.

The new liaisons will help expedite the adoption of MAAWG best practices among a wider audience of industry professionals. The IETF is beginning work to convert selected MAAWG documents into industry-adopted Best Common Practices and will comment on MAAWG technology recommendations for tackling spam and malware. BITS will also provide important feedback to MAAWG working committees on email authentication and the specific messaging concerns facing the financial services industry.

“Sharing anti-abuse expertise and industry best practices is our first line of defense as the industry works to protect end-users. Our relationships with the IETF and BITS will be a conduit between the extensive knowledge of these organizations and the expertise of MAAWG members who are on the front lines of fighting spam. MAAWG members are ISPs, email providers, volume senders, social networking sites and anti-virus vendors, all of whom interface with users everyday,” said MAAWG Chairman Michael O’Reirdan.

New Liaisons Expand Industry’s Messaging Safety Efforts

As an industry association, MAAWG issues recommended best practices developed by its members. The IETF (www.ietf.org) is an international governing body overseeing Internet operations and will publish selected MAAWG work as industry-official Best Common Practices.

The IETF liaison to MAAWG, Barry Leiba, said, “The new liaison relationship between the IETF and MAAWG will give us a channel to get work flowing between the two organizations. We expect to get more input into IETF standards from MAAWG members, and to get more exposure and feedback on some of MAAWG’s work by bringing it into the IETF.”

The Financial Services Roundtable’s BITS division (www.bits.org) will work with MAAWG on email authentication and other messaging issues.

BITS Vice President of Security Paul Smocer said, “We’re pleased to form this formal liaison with MAAWG. Combating email abuse through strong email authentication is a priority for BITS members and their customers. MAAWG support to help promote email authentication is a clear indication of both the ISPs and messaging industry’s commitment to consumer protection in general, and the financial services industry’s efforts to work with our service providers.” BITS focuses on strategic issues where industry cooperation serves the public good, such as critical infrastructure protection, fraud prevention, and the safety of financial services.

San Francisco, July 31, 2009 – With the growing problem of bot infestations contributing to spam, identity theft and online fraud, the Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users’ machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware.

Bots, or malware running on users’ computers without their knowledge, are responsible for generating up to 90 percent of spam and can also be used to steal personal information or take part in DDOS (distributed denial of service) attacks. MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks (Version 1.0) outlines strategies used by some of the largest ISPs worldwide yet was developed to be scalable for smaller network operators and to consider legal and process differences among countries.

“Bots are a global affliction and these best practices are an important step in educating the industry on the appropriate processes to help protect consumers. We’re sharing the experiences of our global membership so that network operators everywhere can more aggressively tackle this problem. As an industry, we are becoming more proactive in alerting customers when bots are detected on their computers and in helping users remove the malware before it can harm them,” said MAAWG Chairman Michael O’Reirdan.

The new best practices outline various options for alerting customers when their computers are infected and has suggestions for helping end-users clean their systems. The paper discusses bot detection methods, customer notification, and the use of walled gardens to limit infected machines’ exposure to the Internet. Among the recommendations:

• While protecting users’ privacy, network operators can use various tools to detect infected end-user computers, including DNS, scanning the IP space to identify vulnerable computers, and collecting IP traffic information for known command and control addresses.
• Email, phone calls to customers, postal mail and walled gardens are common notification tools, each with their own considerations. In-browser messages are considered to be among the most effective methods to alert customers but also can be technically challenging to implement.
• ISPs need to maintain a well-publicized security portal that includes directions for end-user bot removal.

The paper also includes sample end-user messages and a list of malware detection and removal tools. The best practices will continue to be revised to reflect new procedures and the evolution of new bots threats.

Users Under Estimate Bot Threat

A bot residing on a consumers’ computer is usually part of a larger network of machines programmed to perform specific, clandestine operations under the control of a “botmaster.” The malware is often installed on unsuspecting consumers’ machines when they click on an infected email or download illicit code from a compromised Web site. Bots are designed to operate stealthily ­– for example, sending spam or recording passwords and personal information without their owners’ knowledge – making it difficult for end-users to detect their machines are infected.

While about 80 percent of consumers are aware of bots, only 20 percent believe they will ever be infected, according to a survey MAAWG released in July (the survey and related news release are available at www.MAAWG.org). “ISPs need to take steps to protect users, but we also need to continually educate customers and work closely with them to contain bot propagation,” O’Reirdan said.

The new bot mitigation best practices are part of the ongoing work at MAAWG to confront messaging abuse. Previously, MAAWG has published best practices for managing port 25, using walled gardens, sharing dynamic IP address space, email forwarding practices, and senders best communications practices, among other topics.

The MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks can be downloaded from the organization’s Web site at www.MAAWG.org. The MAAWG consumer survey, published white papers and best practices also are available at the site.

San Francisco, July 15, 2009 – Everyone asks, “who would be so reckless as to click on this junk?” but almost a third of consumers admitted to responding to a message they suspected might be spam, according to a survey released today by the Messaging Anti-Abuse Working Group (MAAWG).  Also alarming, about 80 percent of users doubted their computers were at risk of ever being infected with a “bot,” which is a covertly planted virus capable of sending spam or causing other damage without the owner’s knowledge.

The results indicate a lack of awareness among consumers since industry reports indicate bots are responsible for generating much of today’s illegiti¬mate email.  MAAWG commissioned the study, “A Look at Consumers’ Awareness of Email Security and Practices,” to gauge users’ understanding of messaging threats and to identify how best to work with users in removing bots and viruses from infected systems.  The report is based on 800 interviews with computer users in the United States and Canada who said they were not “security experts” and who used email addresses that were not managed by a professional IT department.

The survey data creates a picture of users familiar with general email-based threats but not necessarily as alert or cautious as they should be to proactively protect themselves against spam, online fraud and other email-related hazards.  There also is no general consensus among consumers as to how network operators and industry vendors should interact with customers when addressing these issues.

“Spamming has morphed from an isolated hacker playing with some code into a well-developed underground economy that feeds off reputable users’ machines to avoid detection.  Consumers shouldn’t be afraid to use email, but they need to be computer smart and learn how to avoid these problems,” said MAAWG Chair Michael O’Reirdan.

About two-thirds of the consumers surveyed considered themselves “very” or “somewhat” knowledgeable in Internet security.  While most consumers use anti-virus software and over half said they never click on suspected spam, the survey also found that 21 percent take no action to prevent abusive messages from entering their inbox.  A majority of consumers, 63 percent, would allow their network operator or anti-virus vendor to remotely access their computer to remove detected bots.

Offers a Framework for Working with Subscribers

Ferris Research, Inc., an industry analysis firm that tracks messaging issues, provided additional recommendations in the report for service providers and vendors based on the survey findings.  Among their suggestions is that network operators and vendors consider offering remote bot mitigation capabilities to differentiate their services from competitors.  Vendors also might consider refining spam filters based on the specific patterns defined in the study.

For example, the MAAWG survey found that users between the ages of 24 and 44 are more likely to use email for banking and bill statements, so industry vendors might focus on preventing phishing spam for these consumers.

Ferris Research Principal David Ferris said, “According to the MAAWG findings, about one in six people are prepared to make an effort to report spam and the industry should find more ways to tap into this potential.  Conversely, the volume of people who still respond to spam is regrettable because it’s an economic incentive to spammers,” he said.

This is the first consumer survey commissioned by MAAWG, which is the largest global trade association tackling messaging abuse.  Bots are one of the fastest growing email security issues.

The complete 60-page survey report, “A Look at Consumers’ Awareness of Email Security and Practices or ‘Of Course I Never Reply to Spam, Except Sometimes’” includes graphs, detailed findings and analysis.  It is available today at no cost on the MAAWG Web site, www.MAAWG.org.

San Francisco, May 21, 2009 – Two new hands-on training classes taught by recognized industry experts  — a class on IPv6 featuring a live IPv6 Web connection and a class on implementing DKIM email authentication –- will be available to attendees at the 16th MAAWG General Meeting at no cost.  The Messaging Anti-Abuse Working Group (MAAWG), the largest global trade association working against messaging exploitation, added the courses to help educate the industry on the latest techniques to manage messaging networks while protecting online users and improving email deliverability.

The MAAWG meeting, June 9-11 in Amsterdam, the Netherlands, will feature a keynote address by one of the top cybercrime officials at the European Commission, Radomir Jansky, on proposed EU legislative work addressing online attacks and botnets. There will also be more than 25 working sessions related to spam and mobile spam, botnets and messaging abuse.

The two training classes will be offered June 8 before the members-only meeting.  MAAWG meetings focus on cooperative global efforts, education and industry networking to combat messaging abuse in all its forms and generally attract hundreds of international attendees.

Practical, Expert Training, Live IPv6 Connectivity

“We added the new training classes to help our members take the lead in securing their networks and protecting their users.  The working professionals teaching these courses have a wide-ranging understanding of both the theoretical and practical side of these technologies and we are fortunate to have them share their knowledge,” said Michael O’Reirdan, MAAWG chairman.

The live IPv6 connectivity available for the training class and during the meeting will be provided by MAAWG member UPC Broadband, the European division of Liberty Global, Inc., which is a primary international cable operator providing television, broadband Internet and telephone services to approximately 10 million customers throughout 10 European countries. This will be the first exposure for many of the MAAWG attendees to a working IPv6 network.

The class will cover the fundamentals of the new protocol, including how to configure an operating system to connect with a network running IPv6 and an opportunity to connect to an IPv6 Web and mail server.  MAAWG IPv6 Committee Co-Chair John Jason Brzozowski and MAAWG Senior Advisor Joe St Sauver will teach the course.

The training session on implementing DKIM (DomainKeys Identified Mail), which uses cryptographic signing to identify the organization that is taking responsibility for a message, will provide practical instruction on applying the authentication method to email servers.  DKIM is one of several popular standards for adding trust back into email, helping services correctly identify and deliver safe mail.  The course will be taught by David Crocker, MAAWG senior advisor, Internet pioneer and principal of Brandenburg InternetWorking; and Cloudmark DKIM expert Murray Kucherawy.  Both are active in the DKIM standardization process.

Some of the topics to be covered in the 25 sessions during the three-day meeting are:
•    Cross-border enforcement mechanisms
•    Botnet recovery and mitigation issues
•    Inter-provider feedback mechanisms
•    Spam on mobile
•    Deliverability and delivery in Europe

A special MAAWG ISP Closed Colloquium, usually limited to service providers, will be opened to all attendees to encourage frank, open roundtable conversations on working within the industry to combat messaging abuse.  MAAWG members are ISPs, email providers, volume senders and security vendors.

More information on the upcoming meeting and on MAAWG is available at www.MAAWG.org.

San Francisco, Oct. 28, 2008 – Focusing on the urgent problems of identifying and removing botnets from end-users systems and preventing other online exploitation, the Messaging Anti-Abuse Working Group (MAAWG) initiated several new projects at its third meeting of the year.  The new work represents important steps forward in cooperative industry efforts to protect end-users by addressing the safe mitigation of botnets, ISP migration to IPv6, detection and reporting of compromised hosts, Web messaging abuse and other outbound abuse. The progress of these projects and other ongoing work will be reviewed at the 15th MAAWG General Meeting on February 17-19 in San Francisco, Calif.

“Botnet mitigation is exceedingly important in protecting end users from abuse and in maintaining a trusted online environment. MAAWG is aggressively responding to this rapidly growing threat,” said Michael O’Reirdan, MAAWG chairman.

“At the same time, we’re also continuing our day-to-day block and tackle work on authentication, feedback loops, abuse reporting and other topics.  They are all weapons in our armory,” O’Reirdan said.

“Bots” and “zombies” are computers infected with malicious code spread via contaminated emails, instant messages or Web sites and installed without the user’s permission.  The bots often are coordinated into covert networks used to send spam, or “botnets” that can entail hundreds of thousands of unsuspecting computers.  Users with polluted machines are generally unaware their systems are sending the abusive email, and among other threats, the malware might also capture users’ sensitive information for use by identity thieves.

The new and ongoing work to address botnets and other abuse issues from the MAAWG meeting held Sept. 22-24 in Ft. Lauderdale, Fla. included the formation of:

•    A botnet mitigation subcommittee that will develop best practices to safely remove malware from unsuspecting users’ computers
•    A subcommittee reviewing a novel method by which senders of solicited bulk email can detect that individual subscribers may have been infected by malware, and automatically report their suspicion to that subscriber’s ISP
•    An IPv6 and botnets subcommittee researching how IPv6 will impact botnet detection
•    A migrating to IPv6 subcommittee developing best practices for upgrading a messaging infrastructure
•    New working groups formed to address security issues in Web messaging and other outbound abuse
•    In addition, domain registrars are invited to comment on the current Registrars best practices draft by contacting MAAWG through its Web site: www.MAAWG.org

MAAWG is the largest industry organization uniting ISPs, mailbox providers and vendors from around the world against online abuse. The three-day, multi-track February meeting will feature panels, keynote speakers and open discussions with public policy representatives on tackling the increasing volumes of toxic abuse that endanger users and the industry.  Information on the meeting and on MAAWG is available at www.MAAWG.org.

SAN FRANCISCO, June 25, 2008 – Network operators and ISPs from around the world have cooperated on two new best practice papers addressing technical issues that will help block botnet-induced spam and improve the deliverability of consumers’ personal emails.  The recommendations for sharing IP address space and for email forwarding were approved at a Messaging Anti-Abuse Working Group (MAAWG) meeting in Heidelberg, Germany last week and are available today.

“MAAWG Methods for Sharing Dynamic IP Address Space Information with Others” resolves a concern heightened by the proliferation of botnets, which often use dynamic addresses to send spam.  The paper describes four approaches to make these addresses more easily obtainable by mailbox providers and includes a discussion of the advantages and disadvantages of each.

The methods in the paper “MAAWG Recommendations: Email Forwarding Best Practices” will help ISPs distinguish legitimate consumers using a forwarding service from spammers.  It outlines practices to improve cooperation between volume forwarders and network operators to avoid unintentionally blocking valid accounts because of abusive incoming mail.

Help Distinguish Legitimate from Potentially Criminal

The address sharing recommendations were developed to assist mailbox providers that do not accept email sent from dynamic IP addresses.  While most consumers connect to the Web through modems using a dynamic address, their email is usually funneled through their ISP’s mail server, which has a static (non-changing) IP address.  But when a bot invades a consumer’s computer, it often bypasses the ISP’s mail server so that the resulting spam comes directly from the user’s dynamic address. Identifying the ranges of network addresses that each ISP has assigned as dynamic addresses so that mailbox providers can identify and cut off botnet-induced spam, has been a complex and difficult process.

“There have been industry discussions about sharing dynamic IP addresses for years, and even some proposals, but this paper represents the first time a sizeable group of ISPs have come together to agree on how to do it.  The recommendations are another necessary step toward helping mailbox providers eliminate spam originating from botnets before it hits users’ inboxes,” said J.D. Falk, MAAWG Board member and Return Path director of product management.

The forwarding best practices also provide technical recommendations to improve communications between sending and receiving entities.  Many mailbox providers and institutions offer consumers either a permanent email address or a short-lived, temporary address set up so that messages are forwarded to consumers’ underlying ISP account.  Over time, these addresses may receive and forward a significant volume of junk mail, causing the user’s ISP to conclude that the forwarding service is a spam source and block all incoming mail from that service.  The MAAWG paper outlines steps forwarders can implement to improve deliverability and speed problem resolutions, such as separating sending and forwarding server functions. Practices for receivers include posting policies on the Web and recognizing IP space designated for forwarding.

Jordan Rosenwald, co-editor of the forwarding paper and Comcast manager of anti-abuse technologies, said, “Any address will attract some spam and incoming traffic from a forwarded account that has been in use for years can look like a deluge of spam, causing an ISP to block it.  Spammers also are developing new ways to use forwarded email to their advantage, so the steps outlined in this paper will provide savings for both forwarders and receivers, but more importantly, can help protect consumers from being unnecessarily and unintentionally blocked.”

Both papers are available at no cost from the MAAWG Web site, www.MAAWG.org.  They were finalized at the MAAWG 13th General Meeting, which was attended by over 230 abuse and privacy professionals from ISPs, email providers and vendors representing 18 countries.  The trade association’s final meeting for 2008 will be Sept. 22-24 in Fort Lauderdale, Fl., and will include working sessions and expert speakers on a variety of topics including botnets and increasing worldwide anti-abuse cooperation.

San Francisco, April 22, 2008 – The Messaging Anti-Abuse Working Group (MAAWG) has released version 2.0 of its Senders Best Communications Practices defining how volume email senders can improve the deliverability of legitimate e-newsletters and permission-based e-marketing. The recommendations, originally issued last year as one of the first collaborative efforts between network operators and volume senders worldwide, has been updated to address new forms of spam and to clarify permission options.

Available today at the MAAWG site www.MAAWG.org, the updated best practices include new guidelines to help legitimate email avoid being mistaken for image-based junk mail, which has become a popular spamming technique. List permission and opt-in recommendations have been amended to reflect current practices, and recommended user-unsubscribe processes are clarified, along with other updates to the document, according to Dennis Dayman, MAAWG senders committee co-chair and Eloqua Corp. chief privacy officer.

“The MAAWG senders best practices are intended to help protect users’ online experience by improving industry cooperation and communication. For example, in this update we advise e-marketers not to embed unsubscribe instructions in an image or icon, as many users’ systems will automatically block the message or not display the icon,” Dayman said.

Originally issued by MAAWG last year, the best practices were developed through the cooperative effort of the industry’s largest ISPs, network operators and vendors. The original practices also were endorsed by other trade associations, such as CAUCE (Coalition Against Unsolicited Commercial Email), an organization that represents Internet users and email recipients.

San Francisco, April 1, 2008 – Setting the stage for a better understanding of sender authentication as a technology to combat junk email, the Messaging Anti-Abuse Working Group (MAAWG) has released a new white paper describing the practice as a foundation for protecting legitimate Internet mail. “Trust in Email Begins with Authentication” provides an overview of the technology by focusing on the standardized mechanisms in general use today, Sender Policy Framework (SPF), Sender IDentification Framework (SenderID), and DomainKeys Identified Mail (DKIM).

“Authentication mechanisms can help distinguish legitimate email from spam.  When used as part of a multi-faceted anti-abuse program, it is an important tool to help protect business brands from forgery and phishing attacks,” said Dave Crocker, the MAAWG senior advisor who edited the paper and principal at Brandenburg InternetWorking.

Email authentication mechanisms are used to validate the identity of an email’s sender, stifling would-be spammers who often forge the “From” field in an email message to avoid detection.  The executive summary of the MAAWG paper provides an overview of how authentication can be used to protect email and is intended for general business managers.  The main body provides more detail on SPF, SenderID, and DKIM mechanisms and is intended for technical readers familiar with basic Internet mail service.

“Trust in Email Begins with Authentication” is available at no cost at the MAAWG Web site, www.MAAWG.org.

San Francisco, March 10, 2008 – Initiating a dialogue with ISPs on how to protect social sites from exploitation, Craig Newmark, founder of Craigslist, asked network operators to trust that users will voluntarily report abuse and to cooperate with sites in building a safe online environment at the Messaging Anti-Abuse Working Group (MAAWG) general meeting in San Francisco held Feb. 18-20. Over the course of the event, MAAWG committees completed a white paper on email authentication and updated best practices for volume email senders, both of which will be released to the industry within the next few weeks.

A new subcommittee formed at the meeting began work focusing on DNS abuse and port 53 management, and the event also featured panels and committee discussions on filtering, monitoring outbound traffic, and other topics, according to Jerry Upton, MAAWG executive director. The MAAWG 12th General Meeting, attended by 300 industry professionals from over 20 countries, was the first of three meetings the organization will have this year to advance the technology, public policy and collaborative work necessary to fight messaging abuse and spam.

The organization’s 2008 officers also were named at the meeting with Michael O’Reirdan, a distinguished engineer in national engineering and technical operations at Comcast, elected MAAWG chair. MAAWG vice-chairs for the year are Jonathan Curtis, sr. security architect, technology development at Bell Canada; and Charles Stiles, Goodmail Systems vice president of worldwide business development. Laurie Jill Wood, director of enterprise security at Charter Communications, continues as treasurer. All have been actively promoting cooperation among ISPs and vendors.

On the social networking panel, Newmark stressed the value of trusting users to report abuse of his or any other popular site, a theme reiterated by the other panelists from Google and Six Apart. At the same time, Newmark recognized the need for increased collaboration between ISPs and socially oriented sites to improve the experience for all users.

The social networking panel was one of more than 25 sessions and committee meetings organized during the event. The discussions between ISPs and social networking site operators will continue at the upcoming 13th MAAWG General Meeting, June 10-12 in Heidelberg, Germany, along with presentations on vital technical and public policy issues. More information is available at the MAAWG Web site, www.MAAWG.org.