StopSpamAlliance.org

San Francisco, Aug. 18, 2010 – Demonstrating their commitment to work with the international online industry to protect consumers, Facebook and Tata Communications, a leading global telecom service provider that is part of India’s Tata Group, have joined the Messaging Anti-Abuse Working Group at the organization’s highest membership level and will serve on the MAAWG Board of Directors. MAAWG is the largest global organization targeting spam and other messaging exploits, and the new members will augment its presence both among social networking platforms and in emerging countries.

MAAWG has grown into an industry conduit for bringing together messaging experts working to curb spam and online abuse from around the world, from all aspects of the industry, and on all types of devices. Facebook has developers in over 180 countries and over 500 million users, including 150 million users actively accessing their accounts through mobile devices. The social media site will play an active role in MAAWG (www.maawg.org) work, interfacing with other members to develop industry practices to safeguard end-users.

Tata Communications (www.tatacommunications.com) is a global telecom service provider based in India, part of the $70.8 billion Tata Group, and it delivers managed solutions to global enterprises, service providers and Indian consumers. Along with its pan-continent network, it has a leadership position in emerging markets and will share its broad perspective as MAAWG develops best practices and in the organization’s public policies discussions.

“Both Facebook and Tata Communications will be engaging with other important social media platforms, global ISPs and the diversified constituents within the industry, to not only make sure the online world is open and connected, but to also ensure it remains as safe as possible for consumers,” said Michael O’Reirdan, MAAWG Chairman.

Joe Sullivan, Facebook’s Chief Security Officer added, “Our deep commitment to site security requires the development of robust technologies and active engagement with organizations like MAAWG. We look forward to collaborating with the entire working group to aggressively fight messaging abuse.”

The MAAWG 20^th General Meeting in Washington, D.C. on Oct. 4-6 will be an important venue for furthering this work. Attended by messaging and security specialists, public policy representatives and academic experts, it will feature professional training sessions open to the industry and multi-track presentations on global legislation, technology and policies to combat messaging abuse. The focus will be on participation in public policy and government initiatives along with ongoing committee work.

San Francisco, May 18, 2009 – The Messaging Anti-Abuse Working Group will host the GSMA Security Group at the MAAWG 19^th General Meeting in Barcelona on June 8-10 with a multi-track event focusing on all forms of spam delivery, including mobile, broadband, terrestrial and Web messaging. The meeting will also feature an insiders’ panel discussing the recent crackdown on the Mariposa botnet, sessions on mobile spam and abuse reporting technologies, and a look at critical technical and international public policy issues affecting abuse abatement.

The GSM Association Security Group (GSMA-SG) will participate on various MAAWG panels and will hold its own closed sessions. In addition, MAAWG is making several of its June 7 technical training sessions available to non-member industry professionals at no cost in an effort to share critical information with the market.

GSMA SG Chairman Charles Brookson said, “We both face very similar challenges, and we are looking forward to a fruitful meeting leading to ongoing cooperation.”

The three-day MAAWG meeting will include:

- Sessions on mobile spam reporting 7726, the state of bots on mobile networks, and expert discussions on the differences between Internet email and mobile messaging

- Panels on the Mariposa botnet and other international private/public initiatives to fight bots around the world

- An update on current international public policy concerns and potential projects

- DKIM (DomainKey Indentified Mail) signing strategies and MARF (Mail Abuse Reporting Format) sessions

- Working sessions on best practices for troubleshooting delivery problems and senders abuse reporting processes

- A comparison of the best – and worst – email marketing practices in both the United States and Europe

- A review of domain hacking and protection technologies, DNS Security case studies and DNSSEC deployment

To facilitate industry-wide dialogue, the ISP Closed Colloquium, usually restricted to MAAWG service providers, will be opened to all MAAWG members on June 10, including senders and vendors.

MAAWG, the largest industry organization working worldwide to combat all types of messaging abuse, invited GSMA to participate in the meeting because of its significant role representing the international mobile communications industry.

MAAWG Chairman Michael O’Reirdan said, “Spam, phishing and other types of messaging abuse move across devices and platforms as seamlessly as they travel across country borders these days. At MAAWG, our mission is to pursue industry cooperation to protect consumers and provide a safe online experience.”

Information on the meeting is available at the MAAWG website, www.maawg.org. Industry professionals also can find more information on the training there.

San Francisco, Dec. 17, 2009 – Bolstering industry cooperation against malware, bots and spam, the Messaging Anti-Abuse Working Group (MAAWG) has formalized new liaison relationships with the international standards body IETF (Internet Engineering Task Force), and BITS, the technology policy division of the Financial Services Roundtable representing 100 of the largest U.S. financial institutions providing banking, insurance, and investment products and services.

The new liaisons will help expedite the adoption of MAAWG best practices among a wider audience of industry professionals. The IETF is beginning work to convert selected MAAWG documents into industry-adopted Best Common Practices and will comment on MAAWG technology recommendations for tackling spam and malware. BITS will also provide important feedback to MAAWG working committees on email authentication and the specific messaging concerns facing the financial services industry.

“Sharing anti-abuse expertise and industry best practices is our first line of defense as the industry works to protect end-users. Our relationships with the IETF and BITS will be a conduit between the extensive knowledge of these organizations and the expertise of MAAWG members who are on the front lines of fighting spam. MAAWG members are ISPs, email providers, volume senders, social networking sites and anti-virus vendors, all of whom interface with users everyday,” said MAAWG Chairman Michael O’Reirdan.

New Liaisons Expand Industry’s Messaging Safety Efforts

As an industry association, MAAWG issues recommended best practices developed by its members. The IETF (www.ietf.org) is an international governing body overseeing Internet operations and will publish selected MAAWG work as industry-official Best Common Practices.

The IETF liaison to MAAWG, Barry Leiba, said, “The new liaison relationship between the IETF and MAAWG will give us a channel to get work flowing between the two organizations. We expect to get more input into IETF standards from MAAWG members, and to get more exposure and feedback on some of MAAWG’s work by bringing it into the IETF.”

The Financial Services Roundtable’s BITS division (www.bits.org) will work with MAAWG on email authentication and other messaging issues.

BITS Vice President of Security Paul Smocer said, “We’re pleased to form this formal liaison with MAAWG. Combating email abuse through strong email authentication is a priority for BITS members and their customers. MAAWG support to help promote email authentication is a clear indication of both the ISPs and messaging industry’s commitment to consumer protection in general, and the financial services industry’s efforts to work with our service providers.” BITS focuses on strategic issues where industry cooperation serves the public good, such as critical infrastructure protection, fraud prevention, and the safety of financial services.

San Francisco, July 31, 2009 – With the growing problem of bot infestations contributing to spam, identity theft and online fraud, the Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users’ machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware.

Bots, or malware running on users’ computers without their knowledge, are responsible for generating up to 90 percent of spam and can also be used to steal personal information or take part in DDOS (distributed denial of service) attacks. MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks (Version 1.0) outlines strategies used by some of the largest ISPs worldwide yet was developed to be scalable for smaller network operators and to consider legal and process differences among countries.

“Bots are a global affliction and these best practices are an important step in educating the industry on the appropriate processes to help protect consumers. We’re sharing the experiences of our global membership so that network operators everywhere can more aggressively tackle this problem. As an industry, we are becoming more proactive in alerting customers when bots are detected on their computers and in helping users remove the malware before it can harm them,” said MAAWG Chairman Michael O’Reirdan.

The new best practices outline various options for alerting customers when their computers are infected and has suggestions for helping end-users clean their systems. The paper discusses bot detection methods, customer notification, and the use of walled gardens to limit infected machines’ exposure to the Internet. Among the recommendations:

• While protecting users’ privacy, network operators can use various tools to detect infected end-user computers, including DNS, scanning the IP space to identify vulnerable computers, and collecting IP traffic information for known command and control addresses.
• Email, phone calls to customers, postal mail and walled gardens are common notification tools, each with their own considerations. In-browser messages are considered to be among the most effective methods to alert customers but also can be technically challenging to implement.
• ISPs need to maintain a well-publicized security portal that includes directions for end-user bot removal.

The paper also includes sample end-user messages and a list of malware detection and removal tools. The best practices will continue to be revised to reflect new procedures and the evolution of new bots threats.

Users Under Estimate Bot Threat

A bot residing on a consumers’ computer is usually part of a larger network of machines programmed to perform specific, clandestine operations under the control of a “botmaster.” The malware is often installed on unsuspecting consumers’ machines when they click on an infected email or download illicit code from a compromised Web site. Bots are designed to operate stealthily ­– for example, sending spam or recording passwords and personal information without their owners’ knowledge – making it difficult for end-users to detect their machines are infected.

While about 80 percent of consumers are aware of bots, only 20 percent believe they will ever be infected, according to a survey MAAWG released in July (the survey and related news release are available at www.MAAWG.org). “ISPs need to take steps to protect users, but we also need to continually educate customers and work closely with them to contain bot propagation,” O’Reirdan said.

The new bot mitigation best practices are part of the ongoing work at MAAWG to confront messaging abuse. Previously, MAAWG has published best practices for managing port 25, using walled gardens, sharing dynamic IP address space, email forwarding practices, and senders best communications practices, among other topics.

The MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks can be downloaded from the organization’s Web site at www.MAAWG.org. The MAAWG consumer survey, published white papers and best practices also are available at the site.

San Francisco, July 15, 2009 – Everyone asks, “who would be so reckless as to click on this junk?” but almost a third of consumers admitted to responding to a message they suspected might be spam, according to a survey released today by the Messaging Anti-Abuse Working Group (MAAWG).  Also alarming, about 80 percent of users doubted their computers were at risk of ever being infected with a “bot,” which is a covertly planted virus capable of sending spam or causing other damage without the owner’s knowledge.

The results indicate a lack of awareness among consumers since industry reports indicate bots are responsible for generating much of today’s illegiti¬mate email.  MAAWG commissioned the study, “A Look at Consumers’ Awareness of Email Security and Practices,” to gauge users’ understanding of messaging threats and to identify how best to work with users in removing bots and viruses from infected systems.  The report is based on 800 interviews with computer users in the United States and Canada who said they were not “security experts” and who used email addresses that were not managed by a professional IT department.

The survey data creates a picture of users familiar with general email-based threats but not necessarily as alert or cautious as they should be to proactively protect themselves against spam, online fraud and other email-related hazards.  There also is no general consensus among consumers as to how network operators and industry vendors should interact with customers when addressing these issues.

“Spamming has morphed from an isolated hacker playing with some code into a well-developed underground economy that feeds off reputable users’ machines to avoid detection.  Consumers shouldn’t be afraid to use email, but they need to be computer smart and learn how to avoid these problems,” said MAAWG Chair Michael O’Reirdan.

About two-thirds of the consumers surveyed considered themselves “very” or “somewhat” knowledgeable in Internet security.  While most consumers use anti-virus software and over half said they never click on suspected spam, the survey also found that 21 percent take no action to prevent abusive messages from entering their inbox.  A majority of consumers, 63 percent, would allow their network operator or anti-virus vendor to remotely access their computer to remove detected bots.

Offers a Framework for Working with Subscribers

Ferris Research, Inc., an industry analysis firm that tracks messaging issues, provided additional recommendations in the report for service providers and vendors based on the survey findings.  Among their suggestions is that network operators and vendors consider offering remote bot mitigation capabilities to differentiate their services from competitors.  Vendors also might consider refining spam filters based on the specific patterns defined in the study.

For example, the MAAWG survey found that users between the ages of 24 and 44 are more likely to use email for banking and bill statements, so industry vendors might focus on preventing phishing spam for these consumers.

Ferris Research Principal David Ferris said, “According to the MAAWG findings, about one in six people are prepared to make an effort to report spam and the industry should find more ways to tap into this potential.  Conversely, the volume of people who still respond to spam is regrettable because it’s an economic incentive to spammers,” he said.

This is the first consumer survey commissioned by MAAWG, which is the largest global trade association tackling messaging abuse.  Bots are one of the fastest growing email security issues.

The complete 60-page survey report, “A Look at Consumers’ Awareness of Email Security and Practices or ‘Of Course I Never Reply to Spam, Except Sometimes’” includes graphs, detailed findings and analysis.  It is available today at no cost on the MAAWG Web site, www.MAAWG.org.

San Francisco, May 21, 2009 – Two new hands-on training classes taught by recognized industry experts  — a class on IPv6 featuring a live IPv6 Web connection and a class on implementing DKIM email authentication –- will be available to attendees at the 16th MAAWG General Meeting at no cost.  The Messaging Anti-Abuse Working Group (MAAWG), the largest global trade association working against messaging exploitation, added the courses to help educate the industry on the latest techniques to manage messaging networks while protecting online users and improving email deliverability.

The MAAWG meeting, June 9-11 in Amsterdam, the Netherlands, will feature a keynote address by one of the top cybercrime officials at the European Commission, Radomir Jansky, on proposed EU legislative work addressing online attacks and botnets. There will also be more than 25 working sessions related to spam and mobile spam, botnets and messaging abuse.

The two training classes will be offered June 8 before the members-only meeting.  MAAWG meetings focus on cooperative global efforts, education and industry networking to combat messaging abuse in all its forms and generally attract hundreds of international attendees.

Practical, Expert Training, Live IPv6 Connectivity

“We added the new training classes to help our members take the lead in securing their networks and protecting their users.  The working professionals teaching these courses have a wide-ranging understanding of both the theoretical and practical side of these technologies and we are fortunate to have them share their knowledge,” said Michael O’Reirdan, MAAWG chairman.

The live IPv6 connectivity available for the training class and during the meeting will be provided by MAAWG member UPC Broadband, the European division of Liberty Global, Inc., which is a primary international cable operator providing television, broadband Internet and telephone services to approximately 10 million customers throughout 10 European countries. This will be the first exposure for many of the MAAWG attendees to a working IPv6 network.

The class will cover the fundamentals of the new protocol, including how to configure an operating system to connect with a network running IPv6 and an opportunity to connect to an IPv6 Web and mail server.  MAAWG IPv6 Committee Co-Chair John Jason Brzozowski and MAAWG Senior Advisor Joe St Sauver will teach the course.

The training session on implementing DKIM (DomainKeys Identified Mail), which uses cryptographic signing to identify the organization that is taking responsibility for a message, will provide practical instruction on applying the authentication method to email servers.  DKIM is one of several popular standards for adding trust back into email, helping services correctly identify and deliver safe mail.  The course will be taught by David Crocker, MAAWG senior advisor, Internet pioneer and principal of Brandenburg InternetWorking; and Cloudmark DKIM expert Murray Kucherawy.  Both are active in the DKIM standardization process.

Some of the topics to be covered in the 25 sessions during the three-day meeting are:
•    Cross-border enforcement mechanisms
•    Botnet recovery and mitigation issues
•    Inter-provider feedback mechanisms
•    Spam on mobile
•    Deliverability and delivery in Europe

A special MAAWG ISP Closed Colloquium, usually limited to service providers, will be opened to all attendees to encourage frank, open roundtable conversations on working within the industry to combat messaging abuse.  MAAWG members are ISPs, email providers, volume senders and security vendors.

More information on the upcoming meeting and on MAAWG is available at www.MAAWG.org.

San Francisco, Oct. 28, 2008 – Focusing on the urgent problems of identifying and removing botnets from end-users systems and preventing other online exploitation, the Messaging Anti-Abuse Working Group (MAAWG) initiated several new projects at its third meeting of the year.  The new work represents important steps forward in cooperative industry efforts to protect end-users by addressing the safe mitigation of botnets, ISP migration to IPv6, detection and reporting of compromised hosts, Web messaging abuse and other outbound abuse. The progress of these projects and other ongoing work will be reviewed at the 15th MAAWG General Meeting on February 17-19 in San Francisco, Calif.

“Botnet mitigation is exceedingly important in protecting end users from abuse and in maintaining a trusted online environment. MAAWG is aggressively responding to this rapidly growing threat,” said Michael O’Reirdan, MAAWG chairman.

“At the same time, we’re also continuing our day-to-day block and tackle work on authentication, feedback loops, abuse reporting and other topics.  They are all weapons in our armory,” O’Reirdan said.

“Bots” and “zombies” are computers infected with malicious code spread via contaminated emails, instant messages or Web sites and installed without the user’s permission.  The bots often are coordinated into covert networks used to send spam, or “botnets” that can entail hundreds of thousands of unsuspecting computers.  Users with polluted machines are generally unaware their systems are sending the abusive email, and among other threats, the malware might also capture users’ sensitive information for use by identity thieves.

The new and ongoing work to address botnets and other abuse issues from the MAAWG meeting held Sept. 22-24 in Ft. Lauderdale, Fla. included the formation of:

•    A botnet mitigation subcommittee that will develop best practices to safely remove malware from unsuspecting users’ computers
•    A subcommittee reviewing a novel method by which senders of solicited bulk email can detect that individual subscribers may have been infected by malware, and automatically report their suspicion to that subscriber’s ISP
•    An IPv6 and botnets subcommittee researching how IPv6 will impact botnet detection
•    A migrating to IPv6 subcommittee developing best practices for upgrading a messaging infrastructure
•    New working groups formed to address security issues in Web messaging and other outbound abuse
•    In addition, domain registrars are invited to comment on the current Registrars best practices draft by contacting MAAWG through its Web site: www.MAAWG.org

MAAWG is the largest industry organization uniting ISPs, mailbox providers and vendors from around the world against online abuse. The three-day, multi-track February meeting will feature panels, keynote speakers and open discussions with public policy representatives on tackling the increasing volumes of toxic abuse that endanger users and the industry.  Information on the meeting and on MAAWG is available at www.MAAWG.org.

SAN FRANCISCO, June 25, 2008 – Network operators and ISPs from around the world have cooperated on two new best practice papers addressing technical issues that will help block botnet-induced spam and improve the deliverability of consumers’ personal emails.  The recommendations for sharing IP address space and for email forwarding were approved at a Messaging Anti-Abuse Working Group (MAAWG) meeting in Heidelberg, Germany last week and are available today.

“MAAWG Methods for Sharing Dynamic IP Address Space Information with Others” resolves a concern heightened by the proliferation of botnets, which often use dynamic addresses to send spam.  The paper describes four approaches to make these addresses more easily obtainable by mailbox providers and includes a discussion of the advantages and disadvantages of each.

The methods in the paper “MAAWG Recommendations: Email Forwarding Best Practices” will help ISPs distinguish legitimate consumers using a forwarding service from spammers.  It outlines practices to improve cooperation between volume forwarders and network operators to avoid unintentionally blocking valid accounts because of abusive incoming mail.

Help Distinguish Legitimate from Potentially Criminal

The address sharing recommendations were developed to assist mailbox providers that do not accept email sent from dynamic IP addresses.  While most consumers connect to the Web through modems using a dynamic address, their email is usually funneled through their ISP’s mail server, which has a static (non-changing) IP address.  But when a bot invades a consumer’s computer, it often bypasses the ISP’s mail server so that the resulting spam comes directly from the user’s dynamic address. Identifying the ranges of network addresses that each ISP has assigned as dynamic addresses so that mailbox providers can identify and cut off botnet-induced spam, has been a complex and difficult process.

“There have been industry discussions about sharing dynamic IP addresses for years, and even some proposals, but this paper represents the first time a sizeable group of ISPs have come together to agree on how to do it.  The recommendations are another necessary step toward helping mailbox providers eliminate spam originating from botnets before it hits users’ inboxes,” said J.D. Falk, MAAWG Board member and Return Path director of product management.

The forwarding best practices also provide technical recommendations to improve communications between sending and receiving entities.  Many mailbox providers and institutions offer consumers either a permanent email address or a short-lived, temporary address set up so that messages are forwarded to consumers’ underlying ISP account.  Over time, these addresses may receive and forward a significant volume of junk mail, causing the user’s ISP to conclude that the forwarding service is a spam source and block all incoming mail from that service.  The MAAWG paper outlines steps forwarders can implement to improve deliverability and speed problem resolutions, such as separating sending and forwarding server functions. Practices for receivers include posting policies on the Web and recognizing IP space designated for forwarding.

Jordan Rosenwald, co-editor of the forwarding paper and Comcast manager of anti-abuse technologies, said, “Any address will attract some spam and incoming traffic from a forwarded account that has been in use for years can look like a deluge of spam, causing an ISP to block it.  Spammers also are developing new ways to use forwarded email to their advantage, so the steps outlined in this paper will provide savings for both forwarders and receivers, but more importantly, can help protect consumers from being unnecessarily and unintentionally blocked.”

Both papers are available at no cost from the MAAWG Web site, www.MAAWG.org.  They were finalized at the MAAWG 13th General Meeting, which was attended by over 230 abuse and privacy professionals from ISPs, email providers and vendors representing 18 countries.  The trade association’s final meeting for 2008 will be Sept. 22-24 in Fort Lauderdale, Fl., and will include working sessions and expert speakers on a variety of topics including botnets and increasing worldwide anti-abuse cooperation.

San Francisco, April 22, 2008 – The Messaging Anti-Abuse Working Group (MAAWG) has released version 2.0 of its Senders Best Communications Practices defining how volume email senders can improve the deliverability of legitimate e-newsletters and permission-based e-marketing. The recommendations, originally issued last year as one of the first collaborative efforts between network operators and volume senders worldwide, has been updated to address new forms of spam and to clarify permission options.

Available today at the MAAWG site www.MAAWG.org, the updated best practices include new guidelines to help legitimate email avoid being mistaken for image-based junk mail, which has become a popular spamming technique. List permission and opt-in recommendations have been amended to reflect current practices, and recommended user-unsubscribe processes are clarified, along with other updates to the document, according to Dennis Dayman, MAAWG senders committee co-chair and Eloqua Corp. chief privacy officer.

“The MAAWG senders best practices are intended to help protect users’ online experience by improving industry cooperation and communication. For example, in this update we advise e-marketers not to embed unsubscribe instructions in an image or icon, as many users’ systems will automatically block the message or not display the icon,” Dayman said.

Originally issued by MAAWG last year, the best practices were developed through the cooperative effort of the industry’s largest ISPs, network operators and vendors. The original practices also were endorsed by other trade associations, such as CAUCE (Coalition Against Unsolicited Commercial Email), an organization that represents Internet users and email recipients.

San Francisco, April 1, 2008 – Setting the stage for a better understanding of sender authentication as a technology to combat junk email, the Messaging Anti-Abuse Working Group (MAAWG) has released a new white paper describing the practice as a foundation for protecting legitimate Internet mail. “Trust in Email Begins with Authentication” provides an overview of the technology by focusing on the standardized mechanisms in general use today, Sender Policy Framework (SPF), Sender IDentification Framework (SenderID), and DomainKeys Identified Mail (DKIM).

“Authentication mechanisms can help distinguish legitimate email from spam.  When used as part of a multi-faceted anti-abuse program, it is an important tool to help protect business brands from forgery and phishing attacks,” said Dave Crocker, the MAAWG senior advisor who edited the paper and principal at Brandenburg InternetWorking.

Email authentication mechanisms are used to validate the identity of an email’s sender, stifling would-be spammers who often forge the “From” field in an email message to avoid detection.  The executive summary of the MAAWG paper provides an overview of how authentication can be used to protect email and is intended for general business managers.  The main body provides more detail on SPF, SenderID, and DKIM mechanisms and is intended for technical readers familiar with basic Internet mail service.

“Trust in Email Begins with Authentication” is available at no cost at the MAAWG Web site, www.MAAWG.org.