StopSpamAlliance.org

San Francisco, May 21, 2010 – As an industry service, the Messaging Anti-Abuse Working Group (MAAWG), the largest global anti-spam industry organization, has released its first online training video and is opening the technical training sessions at its next meeting to non-members for the first time, both at no cost. The new four-part tutorial by leading experts on DomainKeys Identified Mail (DKIM) is now available at the MAAWG website, and the live training courses on DNS security, complaint feedback loops, and DKIM at the MAAWG 19^th General Meeting in Barcelona, Spain, on June 7 will be open to the industry.

MAAWG is offering the free training to educate messaging professionals worldwide on the latest technologies to help prevent spam and fraudulent messages from reaching consumers. According to the organization’s email metrics reports (www.maawg.org/email_metrics_report), almost 90% of all email traffic is spam that is stopped before it reaches end-users’ inboxes.

“We’re facing an ever-escalating war with spam, phishing and email fraud. Recognizing the expertise that gathers at our members-only MAAWG meetings, we wanted to step up to the plate and make this knowledge more accessible to the global industry. The training will enable more messaging specialists to use these tools, and the more professionals capable of implementing advanced technologies, the better the email experience will be for all consumers,” said Michael O’Reirdan, MAAWG chairman.

Free Tutorial and Training Sessions Focus on Strategic Technologies

Now available online, the free DKIM implementation video looks at this popular standard that allows an organization to take responsibility for a message by securely affixing a domain name to it. This allows receivers to evaluate the reputation of the organization. Originally presented in February 2010, the tutorial is the first video in the MAAWG Training Series and runs one hour and 40 minutes. It is delivered in 20 to 35 minute segments covering theory and implementation that can be accessed at www.maawg.org/activities/training.

The DKIM video features Dave Crocker, MAAWG senior technical advisor and principal of Brandenburg InternetWorking, and Murray S. Kucherawy, Cloudmark principal engineer. Crocker has been instrumental in the adoption of the standard, and Kucherawy is the principal author of both Sendmail libdkim and OpenDKIM, the most widely used open source DKIM software.

All of the live training sessions at the MAAWG meeting on June 7 also will be taught by working professionals with extensive knowledge about the topic. In the past, the training sessions were only available to MAAWG members who attended the general meetings. The sessions now open to qualified non-members include:

– DNSSEC (DNS Security) – Paul Vixie, ARIN chairman, Internet Systems Consortium president, and author of several RFCs on DNS, will unravel the technical complexities and outline a path to successful implementation of DNSSEC by highlighting some of the major obstacles and challenges.

– Complaint Feedback Loop Implementation – will look at the technical and social aspects of FBL, from business costs and benefits to the operational issues of creating and using a feedback loop. Kate Nowrouzi, Fishbowl manager of ISP relations, and Heather Lord, a senior engineer in anti-abuse technology at a major ISP, will lead the session.

– DKIM Theory and Implementation – The leading standard for adding trust back into email, this session will explain how DKIM works and how to plan a DKIM strategy, deploy it on email servers, and use it as a trust-based tool. Taught by Crocker and Kucherawy, it will include any updates since the video was made.

Industry professionals can request to attend the June training sessions in Barcelona by selecting “training” as the inquiry type on the “Contact Us” form at the MAAWG website, http://www.maawg.org/contact_form, and sending a message specifying the session with the requestor’s name, company, title, phone number and email address.

More information on the courses is available at www.maawg.org/activities/training. The MAAWG 19^th General Meeting will be held June 8-10 in Barcelona. The three-day event following the training is open to members-only and will focus on mobile platforms. (Meeting details are in a May 18 MAAWG news release.)

San Francisco, March 24, 2010 – A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to the 2010 MAAWG Email Security Awareness and Usage Survey.

In the new survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection.

“Consumers need to understand they are not powerless bystanders. They can play a key role in standing up to spammers by not engaging and just marking their emails as junk,” said Michael O’Reirdan, MAAWG chairman.

“When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks,” O’Reirdan said.

The research findings on awareness of bots, email security practices, and attitudes toward controlling spam were generally consistent with the first MAAWG consumer survey in 2009 covering North America. The new 2010 survey was expanded to cover Western Europe and looks at consumers’ attitudes in Canada, France, Germany, Spain, the United Kingdom and the United States.

It Won’t Happen to Me Syndrome

Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally.

This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan.

Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

• Almost half of those who opened spam did so intentionally. Many wanted to unsubscribe or complain to the sender (25%), to see what would happen (18%) or were interested in the product (15%).
• Overall, 11% of consumers have clicked on a link in spam, 8% have opened attachments, 4% have forwarded it and 4% have replied to spam.
• On average, 44% of users consider themselves “somewhat experienced” with email security. In Germany, 33% of users see themselves as “expert” or “very experienced,” followed by around 20% in Spain, the U.K. and the U.S.A., 16% in Canada and just 8% in France.
• Men and email users under 35 years, the same demographic groups who tend to consider themselves more experienced with email security, are more likely to open or click on links or forward spam. Among email users under 35 years, 50% report having opened spam compared to 38% of those over 35. Younger users also were more likely to have clicked on a link in spam (13%) compared to less than 10% of older consumers. Consumers are most likely to hold their Internet or email service provider most responsible for stopping viruses and malware. Only 48% see themselves as most responsible, though in France this falls to 30% and 37% in Spain.
• Yet in terms of anti-virus effectiveness, consumers ranked themselves ahead of all others, except for anti-virus vendors: 56% of consumers rated their own ability to stop malware and 67% rated that of anti-virus vendors’ as very or fairly good. Government agencies, consumer advocacy agencies and social networking sites were among those rated most poorly.

The survey was conducted online between January 8 and 21, 2010 among over a thousand email users in the United States and over 500 email users in each of the other five countries. Participants were general consumers responsible for managing the security for their personal email address.

Both the survey’s key findings and the full report are available at the MAAWG Web site, www.MAAWG.org. The 2010 research was conducted by Ipsos Public Affairs, and the full report includes country comparisons for many of the questions along with detailed charts.

San Francisco, Jan. 28, 2010 – With the participation of some of the industry’s largest ISPs, email providers and Internet companies, the Messaging Anti-Abuse Working Group (MAAWG) is focusing on how to better protect the end user from spam, bots and other messaging exploitations during its February meeting in San Francisco.  The three-day, multi-track event will feature experts from Google, Mozilla, Microsoft, all the major anti-virus vendors, social networking sites, and anti-spam researchers, among others.

The first of three MAAWG meetings this year, the goal of the Feb. 16-18 event is to encourage a frank discussion and share innovative techniques to better safeguard consumers, according to Michael O’Reirdan, MAAWG chairman.  MAAWG meetings are organized around a series of roundtables, expert presentations on groundbreaking work, and closed-door discussions on sensitive anti-spam issues.

Among the topics to be addressed at the meeting are:

• Web browser security
• The future of desktop and device email clients
• Domain registrar account security, such as problems that enabled the recent attack against a Chinese search engine
• Authentication and DKIM
• Wireless messaging abuse
• Bulk-email senders practices
• Initial results of the 2010 consumer email survey, expanded to cover both North America and Europe

The MAAWG ISP Closed Colloquium (ISPCC), held each day of the meeting, provides an opportunity for network operators to address confidential issues in private.  This session will be opened to all meeting participants the last day of the event, providing a unique opportunity for dialogue among ISPs, bulk senders and vendors.  Other MAAWG committee work will continue on best practices and white papers related to IPv6, port 53 issues, and feedback loops.  Financial Times journalist Joseph Menn will share his research into DDOS espionage, the basis of his new book Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

MAAWG meetings are open to members and invited experts only.  Registration and meeting information is available at www.MAAWG.org.

Information on the ITU Botnet Mitigation Toolkit website has been published today including a Powerpoint presentation overview of the project and background information on the toolkit along with botnet-related resources.

Today is Safer Internet Day which is an initiative which takes place on 6 February every year, and is organized by European Schoolnet, coordinator of Insafe, the European safer internet network. Viviane Reding, EU Commissioner for the Information Society and Media, is the patron of Safer Internet Day. Over 40 countries are participating in this fourth edition of Safer Internet Day.

The Safer Internet site is http://www.saferinternet.org and the blogathon site is http://blog.eun.org/SID2007/ that contains postings from many organizations.

The ITU’s entry in the blogathon is at http://blog.eun.org/SID2007/2007/02/itu_and_partnerships_for_globa.html and mentions the StopSpamAlliance.org initiative.