StopSpamAlliance.org

San Francisco, Aug. 18, 2010 – Demonstrating their commitment to work with the international online industry to protect consumers, Facebook and Tata Communications, a leading global telecom service provider that is part of India’s Tata Group, have joined the Messaging Anti-Abuse Working Group at the organization’s highest membership level and will serve on the MAAWG Board of Directors. MAAWG is the largest global organization targeting spam and other messaging exploits, and the new members will augment its presence both among social networking platforms and in emerging countries.

MAAWG has grown into an industry conduit for bringing together messaging experts working to curb spam and online abuse from around the world, from all aspects of the industry, and on all types of devices. Facebook has developers in over 180 countries and over 500 million users, including 150 million users actively accessing their accounts through mobile devices. The social media site will play an active role in MAAWG (www.maawg.org) work, interfacing with other members to develop industry practices to safeguard end-users.

Tata Communications (www.tatacommunications.com) is a global telecom service provider based in India, part of the $70.8 billion Tata Group, and it delivers managed solutions to global enterprises, service providers and Indian consumers. Along with its pan-continent network, it has a leadership position in emerging markets and will share its broad perspective as MAAWG develops best practices and in the organization’s public policies discussions.

“Both Facebook and Tata Communications will be engaging with other important social media platforms, global ISPs and the diversified constituents within the industry, to not only make sure the online world is open and connected, but to also ensure it remains as safe as possible for consumers,” said Michael O’Reirdan, MAAWG Chairman.

Joe Sullivan, Facebook’s Chief Security Officer added, “Our deep commitment to site security requires the development of robust technologies and active engagement with organizations like MAAWG. We look forward to collaborating with the entire working group to aggressively fight messaging abuse.”

The MAAWG 20^th General Meeting in Washington, D.C. on Oct. 4-6 will be an important venue for furthering this work. Attended by messaging and security specialists, public policy representatives and academic experts, it will feature professional training sessions open to the industry and multi-track presentations on global legislation, technology and policies to combat messaging abuse. The focus will be on participation in public policy and government initiatives along with ongoing committee work.

San Francisco, May 21, 2010 – As an industry service, the Messaging Anti-Abuse Working Group (MAAWG), the largest global anti-spam industry organization, has released its first online training video and is opening the technical training sessions at its next meeting to non-members for the first time, both at no cost. The new four-part tutorial by leading experts on DomainKeys Identified Mail (DKIM) is now available at the MAAWG website, and the live training courses on DNS security, complaint feedback loops, and DKIM at the MAAWG 19^th General Meeting in Barcelona, Spain, on June 7 will be open to the industry.

MAAWG is offering the free training to educate messaging professionals worldwide on the latest technologies to help prevent spam and fraudulent messages from reaching consumers. According to the organization’s email metrics reports (www.maawg.org/email_metrics_report), almost 90% of all email traffic is spam that is stopped before it reaches end-users’ inboxes.

“We’re facing an ever-escalating war with spam, phishing and email fraud. Recognizing the expertise that gathers at our members-only MAAWG meetings, we wanted to step up to the plate and make this knowledge more accessible to the global industry. The training will enable more messaging specialists to use these tools, and the more professionals capable of implementing advanced technologies, the better the email experience will be for all consumers,” said Michael O’Reirdan, MAAWG chairman.

Free Tutorial and Training Sessions Focus on Strategic Technologies

Now available online, the free DKIM implementation video looks at this popular standard that allows an organization to take responsibility for a message by securely affixing a domain name to it. This allows receivers to evaluate the reputation of the organization. Originally presented in February 2010, the tutorial is the first video in the MAAWG Training Series and runs one hour and 40 minutes. It is delivered in 20 to 35 minute segments covering theory and implementation that can be accessed at www.maawg.org/activities/training.

The DKIM video features Dave Crocker, MAAWG senior technical advisor and principal of Brandenburg InternetWorking, and Murray S. Kucherawy, Cloudmark principal engineer. Crocker has been instrumental in the adoption of the standard, and Kucherawy is the principal author of both Sendmail libdkim and OpenDKIM, the most widely used open source DKIM software.

All of the live training sessions at the MAAWG meeting on June 7 also will be taught by working professionals with extensive knowledge about the topic. In the past, the training sessions were only available to MAAWG members who attended the general meetings. The sessions now open to qualified non-members include:

– DNSSEC (DNS Security) – Paul Vixie, ARIN chairman, Internet Systems Consortium president, and author of several RFCs on DNS, will unravel the technical complexities and outline a path to successful implementation of DNSSEC by highlighting some of the major obstacles and challenges.

– Complaint Feedback Loop Implementation – will look at the technical and social aspects of FBL, from business costs and benefits to the operational issues of creating and using a feedback loop. Kate Nowrouzi, Fishbowl manager of ISP relations, and Heather Lord, a senior engineer in anti-abuse technology at a major ISP, will lead the session.

– DKIM Theory and Implementation – The leading standard for adding trust back into email, this session will explain how DKIM works and how to plan a DKIM strategy, deploy it on email servers, and use it as a trust-based tool. Taught by Crocker and Kucherawy, it will include any updates since the video was made.

Industry professionals can request to attend the June training sessions in Barcelona by selecting “training” as the inquiry type on the “Contact Us” form at the MAAWG website, http://www.maawg.org/contact_form, and sending a message specifying the session with the requestor’s name, company, title, phone number and email address.

More information on the courses is available at www.maawg.org/activities/training. The MAAWG 19^th General Meeting will be held June 8-10 in Barcelona. The three-day event following the training is open to members-only and will focus on mobile platforms. (Meeting details are in a May 18 MAAWG news release.)

San Francisco, May 18, 2009 – The Messaging Anti-Abuse Working Group will host the GSMA Security Group at the MAAWG 19^th General Meeting in Barcelona on June 8-10 with a multi-track event focusing on all forms of spam delivery, including mobile, broadband, terrestrial and Web messaging. The meeting will also feature an insiders’ panel discussing the recent crackdown on the Mariposa botnet, sessions on mobile spam and abuse reporting technologies, and a look at critical technical and international public policy issues affecting abuse abatement.

The GSM Association Security Group (GSMA-SG) will participate on various MAAWG panels and will hold its own closed sessions. In addition, MAAWG is making several of its June 7 technical training sessions available to non-member industry professionals at no cost in an effort to share critical information with the market.

GSMA SG Chairman Charles Brookson said, “We both face very similar challenges, and we are looking forward to a fruitful meeting leading to ongoing cooperation.”

The three-day MAAWG meeting will include:

- Sessions on mobile spam reporting 7726, the state of bots on mobile networks, and expert discussions on the differences between Internet email and mobile messaging

- Panels on the Mariposa botnet and other international private/public initiatives to fight bots around the world

- An update on current international public policy concerns and potential projects

- DKIM (DomainKey Indentified Mail) signing strategies and MARF (Mail Abuse Reporting Format) sessions

- Working sessions on best practices for troubleshooting delivery problems and senders abuse reporting processes

- A comparison of the best – and worst – email marketing practices in both the United States and Europe

- A review of domain hacking and protection technologies, DNS Security case studies and DNSSEC deployment

To facilitate industry-wide dialogue, the ISP Closed Colloquium, usually restricted to MAAWG service providers, will be opened to all MAAWG members on June 10, including senders and vendors.

MAAWG, the largest industry organization working worldwide to combat all types of messaging abuse, invited GSMA to participate in the meeting because of its significant role representing the international mobile communications industry.

MAAWG Chairman Michael O’Reirdan said, “Spam, phishing and other types of messaging abuse move across devices and platforms as seamlessly as they travel across country borders these days. At MAAWG, our mission is to pursue industry cooperation to protect consumers and provide a safe online experience.”

Information on the meeting is available at the MAAWG website, www.maawg.org. Industry professionals also can find more information on the training there.

San Francisco, March 24, 2010 – A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to the 2010 MAAWG Email Security Awareness and Usage Survey.

In the new survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection.

“Consumers need to understand they are not powerless bystanders. They can play a key role in standing up to spammers by not engaging and just marking their emails as junk,” said Michael O’Reirdan, MAAWG chairman.

“When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks,” O’Reirdan said.

The research findings on awareness of bots, email security practices, and attitudes toward controlling spam were generally consistent with the first MAAWG consumer survey in 2009 covering North America. The new 2010 survey was expanded to cover Western Europe and looks at consumers’ attitudes in Canada, France, Germany, Spain, the United Kingdom and the United States.

It Won’t Happen to Me Syndrome

Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally.

This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan.

Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

• Almost half of those who opened spam did so intentionally. Many wanted to unsubscribe or complain to the sender (25%), to see what would happen (18%) or were interested in the product (15%).
• Overall, 11% of consumers have clicked on a link in spam, 8% have opened attachments, 4% have forwarded it and 4% have replied to spam.
• On average, 44% of users consider themselves “somewhat experienced” with email security. In Germany, 33% of users see themselves as “expert” or “very experienced,” followed by around 20% in Spain, the U.K. and the U.S.A., 16% in Canada and just 8% in France.
• Men and email users under 35 years, the same demographic groups who tend to consider themselves more experienced with email security, are more likely to open or click on links or forward spam. Among email users under 35 years, 50% report having opened spam compared to 38% of those over 35. Younger users also were more likely to have clicked on a link in spam (13%) compared to less than 10% of older consumers. Consumers are most likely to hold their Internet or email service provider most responsible for stopping viruses and malware. Only 48% see themselves as most responsible, though in France this falls to 30% and 37% in Spain.
• Yet in terms of anti-virus effectiveness, consumers ranked themselves ahead of all others, except for anti-virus vendors: 56% of consumers rated their own ability to stop malware and 67% rated that of anti-virus vendors’ as very or fairly good. Government agencies, consumer advocacy agencies and social networking sites were among those rated most poorly.

The survey was conducted online between January 8 and 21, 2010 among over a thousand email users in the United States and over 500 email users in each of the other five countries. Participants were general consumers responsible for managing the security for their personal email address.

Both the survey’s key findings and the full report are available at the MAAWG Web site, www.MAAWG.org. The 2010 research was conducted by Ipsos Public Affairs, and the full report includes country comparisons for many of the questions along with detailed charts.

San Francisco, Jan. 28, 2010 – With the participation of some of the industry’s largest ISPs, email providers and Internet companies, the Messaging Anti-Abuse Working Group (MAAWG) is focusing on how to better protect the end user from spam, bots and other messaging exploitations during its February meeting in San Francisco.  The three-day, multi-track event will feature experts from Google, Mozilla, Microsoft, all the major anti-virus vendors, social networking sites, and anti-spam researchers, among others.

The first of three MAAWG meetings this year, the goal of the Feb. 16-18 event is to encourage a frank discussion and share innovative techniques to better safeguard consumers, according to Michael O’Reirdan, MAAWG chairman.  MAAWG meetings are organized around a series of roundtables, expert presentations on groundbreaking work, and closed-door discussions on sensitive anti-spam issues.

Among the topics to be addressed at the meeting are:

• Web browser security
• The future of desktop and device email clients
• Domain registrar account security, such as problems that enabled the recent attack against a Chinese search engine
• Authentication and DKIM
• Wireless messaging abuse
• Bulk-email senders practices
• Initial results of the 2010 consumer email survey, expanded to cover both North America and Europe

The MAAWG ISP Closed Colloquium (ISPCC), held each day of the meeting, provides an opportunity for network operators to address confidential issues in private.  This session will be opened to all meeting participants the last day of the event, providing a unique opportunity for dialogue among ISPs, bulk senders and vendors.  Other MAAWG committee work will continue on best practices and white papers related to IPv6, port 53 issues, and feedback loops.  Financial Times journalist Joseph Menn will share his research into DDOS espionage, the basis of his new book Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

MAAWG meetings are open to members and invited experts only.  Registration and meeting information is available at www.MAAWG.org.

San Francisco, Dec. 17, 2009 – Bolstering industry cooperation against malware, bots and spam, the Messaging Anti-Abuse Working Group (MAAWG) has formalized new liaison relationships with the international standards body IETF (Internet Engineering Task Force), and BITS, the technology policy division of the Financial Services Roundtable representing 100 of the largest U.S. financial institutions providing banking, insurance, and investment products and services.

The new liaisons will help expedite the adoption of MAAWG best practices among a wider audience of industry professionals. The IETF is beginning work to convert selected MAAWG documents into industry-adopted Best Common Practices and will comment on MAAWG technology recommendations for tackling spam and malware. BITS will also provide important feedback to MAAWG working committees on email authentication and the specific messaging concerns facing the financial services industry.

“Sharing anti-abuse expertise and industry best practices is our first line of defense as the industry works to protect end-users. Our relationships with the IETF and BITS will be a conduit between the extensive knowledge of these organizations and the expertise of MAAWG members who are on the front lines of fighting spam. MAAWG members are ISPs, email providers, volume senders, social networking sites and anti-virus vendors, all of whom interface with users everyday,” said MAAWG Chairman Michael O’Reirdan.

New Liaisons Expand Industry’s Messaging Safety Efforts

As an industry association, MAAWG issues recommended best practices developed by its members. The IETF (www.ietf.org) is an international governing body overseeing Internet operations and will publish selected MAAWG work as industry-official Best Common Practices.

The IETF liaison to MAAWG, Barry Leiba, said, “The new liaison relationship between the IETF and MAAWG will give us a channel to get work flowing between the two organizations. We expect to get more input into IETF standards from MAAWG members, and to get more exposure and feedback on some of MAAWG’s work by bringing it into the IETF.”

The Financial Services Roundtable’s BITS division (www.bits.org) will work with MAAWG on email authentication and other messaging issues.

BITS Vice President of Security Paul Smocer said, “We’re pleased to form this formal liaison with MAAWG. Combating email abuse through strong email authentication is a priority for BITS members and their customers. MAAWG support to help promote email authentication is a clear indication of both the ISPs and messaging industry’s commitment to consumer protection in general, and the financial services industry’s efforts to work with our service providers.” BITS focuses on strategic issues where industry cooperation serves the public good, such as critical infrastructure protection, fraud prevention, and the safety of financial services.

San Francisco, July 31, 2009 – With the growing problem of bot infestations contributing to spam, identity theft and online fraud, the Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users’ machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware.

Bots, or malware running on users’ computers without their knowledge, are responsible for generating up to 90 percent of spam and can also be used to steal personal information or take part in DDOS (distributed denial of service) attacks. MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks (Version 1.0) outlines strategies used by some of the largest ISPs worldwide yet was developed to be scalable for smaller network operators and to consider legal and process differences among countries.

“Bots are a global affliction and these best practices are an important step in educating the industry on the appropriate processes to help protect consumers. We’re sharing the experiences of our global membership so that network operators everywhere can more aggressively tackle this problem. As an industry, we are becoming more proactive in alerting customers when bots are detected on their computers and in helping users remove the malware before it can harm them,” said MAAWG Chairman Michael O’Reirdan.

The new best practices outline various options for alerting customers when their computers are infected and has suggestions for helping end-users clean their systems. The paper discusses bot detection methods, customer notification, and the use of walled gardens to limit infected machines’ exposure to the Internet. Among the recommendations:

• While protecting users’ privacy, network operators can use various tools to detect infected end-user computers, including DNS, scanning the IP space to identify vulnerable computers, and collecting IP traffic information for known command and control addresses.
• Email, phone calls to customers, postal mail and walled gardens are common notification tools, each with their own considerations. In-browser messages are considered to be among the most effective methods to alert customers but also can be technically challenging to implement.
• ISPs need to maintain a well-publicized security portal that includes directions for end-user bot removal.

The paper also includes sample end-user messages and a list of malware detection and removal tools. The best practices will continue to be revised to reflect new procedures and the evolution of new bots threats.

Users Under Estimate Bot Threat

A bot residing on a consumers’ computer is usually part of a larger network of machines programmed to perform specific, clandestine operations under the control of a “botmaster.” The malware is often installed on unsuspecting consumers’ machines when they click on an infected email or download illicit code from a compromised Web site. Bots are designed to operate stealthily ­– for example, sending spam or recording passwords and personal information without their owners’ knowledge – making it difficult for end-users to detect their machines are infected.

While about 80 percent of consumers are aware of bots, only 20 percent believe they will ever be infected, according to a survey MAAWG released in July (the survey and related news release are available at www.MAAWG.org). “ISPs need to take steps to protect users, but we also need to continually educate customers and work closely with them to contain bot propagation,” O’Reirdan said.

The new bot mitigation best practices are part of the ongoing work at MAAWG to confront messaging abuse. Previously, MAAWG has published best practices for managing port 25, using walled gardens, sharing dynamic IP address space, email forwarding practices, and senders best communications practices, among other topics.

The MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks can be downloaded from the organization’s Web site at www.MAAWG.org. The MAAWG consumer survey, published white papers and best practices also are available at the site.

San Francisco, July 15, 2009 – Everyone asks, “who would be so reckless as to click on this junk?” but almost a third of consumers admitted to responding to a message they suspected might be spam, according to a survey released today by the Messaging Anti-Abuse Working Group (MAAWG).  Also alarming, about 80 percent of users doubted their computers were at risk of ever being infected with a “bot,” which is a covertly planted virus capable of sending spam or causing other damage without the owner’s knowledge.

The results indicate a lack of awareness among consumers since industry reports indicate bots are responsible for generating much of today’s illegiti¬mate email.  MAAWG commissioned the study, “A Look at Consumers’ Awareness of Email Security and Practices,” to gauge users’ understanding of messaging threats and to identify how best to work with users in removing bots and viruses from infected systems.  The report is based on 800 interviews with computer users in the United States and Canada who said they were not “security experts” and who used email addresses that were not managed by a professional IT department.

The survey data creates a picture of users familiar with general email-based threats but not necessarily as alert or cautious as they should be to proactively protect themselves against spam, online fraud and other email-related hazards.  There also is no general consensus among consumers as to how network operators and industry vendors should interact with customers when addressing these issues.

“Spamming has morphed from an isolated hacker playing with some code into a well-developed underground economy that feeds off reputable users’ machines to avoid detection.  Consumers shouldn’t be afraid to use email, but they need to be computer smart and learn how to avoid these problems,” said MAAWG Chair Michael O’Reirdan.

About two-thirds of the consumers surveyed considered themselves “very” or “somewhat” knowledgeable in Internet security.  While most consumers use anti-virus software and over half said they never click on suspected spam, the survey also found that 21 percent take no action to prevent abusive messages from entering their inbox.  A majority of consumers, 63 percent, would allow their network operator or anti-virus vendor to remotely access their computer to remove detected bots.

Offers a Framework for Working with Subscribers

Ferris Research, Inc., an industry analysis firm that tracks messaging issues, provided additional recommendations in the report for service providers and vendors based on the survey findings.  Among their suggestions is that network operators and vendors consider offering remote bot mitigation capabilities to differentiate their services from competitors.  Vendors also might consider refining spam filters based on the specific patterns defined in the study.

For example, the MAAWG survey found that users between the ages of 24 and 44 are more likely to use email for banking and bill statements, so industry vendors might focus on preventing phishing spam for these consumers.

Ferris Research Principal David Ferris said, “According to the MAAWG findings, about one in six people are prepared to make an effort to report spam and the industry should find more ways to tap into this potential.  Conversely, the volume of people who still respond to spam is regrettable because it’s an economic incentive to spammers,” he said.

This is the first consumer survey commissioned by MAAWG, which is the largest global trade association tackling messaging abuse.  Bots are one of the fastest growing email security issues.

The complete 60-page survey report, “A Look at Consumers’ Awareness of Email Security and Practices or ‘Of Course I Never Reply to Spam, Except Sometimes’” includes graphs, detailed findings and analysis.  It is available today at no cost on the MAAWG Web site, www.MAAWG.org.

San Francisco, May 21, 2009 – Two new hands-on training classes taught by recognized industry experts  — a class on IPv6 featuring a live IPv6 Web connection and a class on implementing DKIM email authentication –- will be available to attendees at the 16th MAAWG General Meeting at no cost.  The Messaging Anti-Abuse Working Group (MAAWG), the largest global trade association working against messaging exploitation, added the courses to help educate the industry on the latest techniques to manage messaging networks while protecting online users and improving email deliverability.

The MAAWG meeting, June 9-11 in Amsterdam, the Netherlands, will feature a keynote address by one of the top cybercrime officials at the European Commission, Radomir Jansky, on proposed EU legislative work addressing online attacks and botnets. There will also be more than 25 working sessions related to spam and mobile spam, botnets and messaging abuse.

The two training classes will be offered June 8 before the members-only meeting.  MAAWG meetings focus on cooperative global efforts, education and industry networking to combat messaging abuse in all its forms and generally attract hundreds of international attendees.

Practical, Expert Training, Live IPv6 Connectivity

“We added the new training classes to help our members take the lead in securing their networks and protecting their users.  The working professionals teaching these courses have a wide-ranging understanding of both the theoretical and practical side of these technologies and we are fortunate to have them share their knowledge,” said Michael O’Reirdan, MAAWG chairman.

The live IPv6 connectivity available for the training class and during the meeting will be provided by MAAWG member UPC Broadband, the European division of Liberty Global, Inc., which is a primary international cable operator providing television, broadband Internet and telephone services to approximately 10 million customers throughout 10 European countries. This will be the first exposure for many of the MAAWG attendees to a working IPv6 network.

The class will cover the fundamentals of the new protocol, including how to configure an operating system to connect with a network running IPv6 and an opportunity to connect to an IPv6 Web and mail server.  MAAWG IPv6 Committee Co-Chair John Jason Brzozowski and MAAWG Senior Advisor Joe St Sauver will teach the course.

The training session on implementing DKIM (DomainKeys Identified Mail), which uses cryptographic signing to identify the organization that is taking responsibility for a message, will provide practical instruction on applying the authentication method to email servers.  DKIM is one of several popular standards for adding trust back into email, helping services correctly identify and deliver safe mail.  The course will be taught by David Crocker, MAAWG senior advisor, Internet pioneer and principal of Brandenburg InternetWorking; and Cloudmark DKIM expert Murray Kucherawy.  Both are active in the DKIM standardization process.

Some of the topics to be covered in the 25 sessions during the three-day meeting are:
•    Cross-border enforcement mechanisms
•    Botnet recovery and mitigation issues
•    Inter-provider feedback mechanisms
•    Spam on mobile
•    Deliverability and delivery in Europe

A special MAAWG ISP Closed Colloquium, usually limited to service providers, will be opened to all attendees to encourage frank, open roundtable conversations on working within the industry to combat messaging abuse.  MAAWG members are ISPs, email providers, volume senders and security vendors.

More information on the upcoming meeting and on MAAWG is available at www.MAAWG.org.

San Francisco, Oct. 28, 2008 – Focusing on the urgent problems of identifying and removing botnets from end-users systems and preventing other online exploitation, the Messaging Anti-Abuse Working Group (MAAWG) initiated several new projects at its third meeting of the year.  The new work represents important steps forward in cooperative industry efforts to protect end-users by addressing the safe mitigation of botnets, ISP migration to IPv6, detection and reporting of compromised hosts, Web messaging abuse and other outbound abuse. The progress of these projects and other ongoing work will be reviewed at the 15th MAAWG General Meeting on February 17-19 in San Francisco, Calif.

“Botnet mitigation is exceedingly important in protecting end users from abuse and in maintaining a trusted online environment. MAAWG is aggressively responding to this rapidly growing threat,” said Michael O’Reirdan, MAAWG chairman.

“At the same time, we’re also continuing our day-to-day block and tackle work on authentication, feedback loops, abuse reporting and other topics.  They are all weapons in our armory,” O’Reirdan said.

“Bots” and “zombies” are computers infected with malicious code spread via contaminated emails, instant messages or Web sites and installed without the user’s permission.  The bots often are coordinated into covert networks used to send spam, or “botnets” that can entail hundreds of thousands of unsuspecting computers.  Users with polluted machines are generally unaware their systems are sending the abusive email, and among other threats, the malware might also capture users’ sensitive information for use by identity thieves.

The new and ongoing work to address botnets and other abuse issues from the MAAWG meeting held Sept. 22-24 in Ft. Lauderdale, Fla. included the formation of:

•    A botnet mitigation subcommittee that will develop best practices to safely remove malware from unsuspecting users’ computers
•    A subcommittee reviewing a novel method by which senders of solicited bulk email can detect that individual subscribers may have been infected by malware, and automatically report their suspicion to that subscriber’s ISP
•    An IPv6 and botnets subcommittee researching how IPv6 will impact botnet detection
•    A migrating to IPv6 subcommittee developing best practices for upgrading a messaging infrastructure
•    New working groups formed to address security issues in Web messaging and other outbound abuse
•    In addition, domain registrars are invited to comment on the current Registrars best practices draft by contacting MAAWG through its Web site: www.MAAWG.org

MAAWG is the largest industry organization uniting ISPs, mailbox providers and vendors from around the world against online abuse. The three-day, multi-track February meeting will feature panels, keynote speakers and open discussions with public policy representatives on tackling the increasing volumes of toxic abuse that endanger users and the industry.  Information on the meeting and on MAAWG is available at www.MAAWG.org.