M3AAWG is where all aspects of the messaging industry come together to work against spam, botnets, viruses, denial-of-service attacks and other online exploitation. Representing over one billion inboxes worldwide, we work to ensure a safe online experience for consumers by addressing messaging abuse holistically, including technology, industry collaboration and educating global policy makers on issues related to online abuse and messaging.
San Francisco, California 94109, United States of America
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG, usually spelled M³AAWG) is an international information technology industry forum that works to reduce the threat from bots, malware, spam, viruses, DoS attacks and other online exploitations. It is one of the largest global organizations working against all forms of messaging abuse and represents over a billion mailboxes among its global membership.
It started as a group of internet service providers, mobile network operators, telecommunications companies and infrastructure vendors, and anti-spam technology vendors in early 2004 to fight spam and help protect end-users. In the spirit of collaboration, it expanded to include email service providers and vetted parties interested in safeguarding the online ecosystem. The organization initially started as MAAWG, the Messaging Anti-Abuse Working Group, but as spam morphed into a widely recognized vector for spreading malware and other threats, the organization changed its name to the Messaging, Malware and Mobile Anti-Abuse Working Group in 2012 to better reflect its scope of work.
M3AAWG has three levels of membership:
Supporter, which is the least expensive and most popular level of membership
Full, which has additional privileges such as the option to chair a committee
Sponsor, which may include a seat on the Board of Directors
The role of M3AAWG is to bring various aspects of the industry together to discuss related anti-abuse issues and, based on this cooperative effort, produce best practices, public policy comments, white papers and other materials. It also provides an opportunity for professionals to share abuse information and their experience with their peers. Among the currently available published best practices is a document to help hosting service providers prevent abuse that was jointly published with the i2Coalition, anti-abuse recommendations for messaging service providers, best practices for high-volume email marketing senders and email service providers, and an updated white paper on email authentication. M3AAWG published the first best practices for mitigating bot infections in residential networks in July 2009, which were incorporated into the IETF's RFC 6561 a few years later. Although M3AAWG does not lobby on government or public policy matters, it does supply factual information to government organizations as they develop relevant policy or legislation,for example on anti-abuse issues with the proposed.
M3AAWG holds three members-only meetings each year, two in North America and one in Europe. The four-day long meetings are organized around multi-track conference sessions with colleagues and public policy representatives, best practices document working sessions, training courses and global networking opportunities. The meetings often are held in conjunction with other relevant organizations. In the past, M3AAWG has hosted the London Action Plan (LAP), the GSM Association Security Group (GSMA-SG), the Anti-Phishing Working Group, and other associations at its meetings.
In June 2015, M3AAWG jointly published the global Operation Safety-Net best practices with the London Action Plan. The cooperative global effort by industry and government experts is written in plain language and describes common online threats that are currently facing businesses, governments and end-users along with the proven best practices to mitigate them. M3AAWG also publishes Email Metrics Reports tracking the volume of abusive email using aggregated data provided by M3AAWG member ISPs, email providers and network operators and a Bot Metrics Report detailing the number of subscribers identified as having a system infected by malware, also known a "bot". It also has conducted two surveys looking at consumers' email practices: In 2009, it published a survey of North American users titled "Of Course I Never Click on Spam - Except Sometimes]" and in 2010 expanded the survey to cover both North America and Europe.
The YouTube channel has over 70 training, industry keynote and short topical videos on a wide range of computer security and cybercrime topics. Training videos range from how ISPs can identify and clean malware from customers' systems to a tutorial on using the Bettercrypto guide to more easily implement encryption. Keynotes include presentations on the state of the industry from renowned security experts Dan Geer and Brian Snow, among others.
Among its many industry partners, the EastWest Institute presented its EWI 2013 Cybersecurity Award to M3AAWG in recognition of its anti-abuse outreach in India and China and for facilitating cybersecurity global collaboration.
^Financial Times, "Secret war on web crooks revealed" by Maija Palmer, June 15, 2009 
#M3AAAWG50 is less than two weeks away! Registration closes on October 7th, so you still have time to sign up. Head to the M3AAWG website for more information on how to register and to view the live meeting agenda: https://www.m3aawg.org/upcoming-meetings
A recent @Microsoft report details increased efforts by foreign #cyber groups to interfere in the 2020 #election. Officials and voters must educate themselves on these threats and take steps to protect the #vote and ensure the integrity of the election: https://bit.ly/33YEjr4
Registration for #M3AAWG50, held virtually from October 12-15, is NOW OPEN! We’ll be addressing some of the most pressing topics in anti-abuse, including #AI, #regulation, and #email #security. To preview meeting sessions and register to attend, visit: https://bit.ly/33C4mnY
Ahead of our milestone 50th General Meeting, join us in celebrating M3AAWG’s journey from Founding to Fifty. We invite members, past and present, to use #M3AAWG50 to share their favorite memories. To learn more about our history, read our latest blog post: https://bit.ly/2E5XiHi
In our latest blog post, Rich Compton, Chair of M3AAWG’s Distributed Denial of Service (DDoS) SIG, discusses #DDoS attacks and the importance of Flow Specification (#Flowspec) standards in reducing and preventing outages. To learn more, visit: https://bit.ly/2RkBlqV
In a piece by @InfosecurityMag’s @emjJamescoker, @LenShneyder, Co-Chair of M3AAWG’s Election SIG, discusses the 2020 Election and the need for #campaign & #election officials to implement #authentication standards to secure #communications. Learn more at: https://bit.ly/3hgnInq
At M3AAWG 49, anti-abuse professionals discussed the impact of #COVID19 on #fraud in a joint session from M3AAWG & @CFCAFraud. @AaronFoss & @SaraWhitwell share key takeaways in our latest blog post: https://bit.ly/2Fq1cLi
In an interview with @InfosecurityMag’s @DanRaywood, @antifreeze, M3AAWG’s Technical Comm. Co-Chair, discusses our recently published #email #authentication BCP & the role of authentication in building trust in email #messaging. To read the article, visit: https://bit.ly/2ZlQmgO
As #COVID19 forces remote work for millions, #BEC attacks continue to rise. In a piece for @SecurityMag, Amy Cadagin, M3AAWG’s Executive Director, shares steps to prevent cyberattacks – like #spearphishing – while working remote. Read her piece here: https://bit.ly/2Z01X4Q
Today, we published our latest Best Common Practices guide on #email #authentication. In it, we outline standards #senders and #operators can implement to secure email #messaging; including the use of #DMARC, #DKIM and #SPF. To learn more, visit: https://bit.ly/34ZDdNN
Recent robo-messaging disinformation campaigns highlight the need for #campaign and #election officials to implement #messaging best practices to ensure receivers can trust political messages. To learn more, read our Political Text Messaging BCP: https://bit.ly/34ULYbW
According to analysis from @Proofpoint, 93% of global airlines included in the study have not implemented the recommended level of #DMARC protection and are potentially leaving their customers vulnerable to #email #fraud. More in @InfosecurityMag https://www.infosecurity-magazine.com/news/airlines-published-dmarc-email/