Notice: fwrite(): Write of 22 bytes failed with errno=28 No space left on device in /srv/icannwiki/public_html/includes/libs/uuid/GlobalIdGenerator.php on line 553
Messaging Malware Mobile Anti-Abuse Working Group: Difference between revisions - ICANNWiki Jump to content

Messaging Malware Mobile Anti-Abuse Working Group: Difference between revisions

From ICANNWiki
Marie Cabural (talk | contribs)
 
(11 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{CompanyInfo|
{{CompanyInfo|
| logo            = MAAWG.JPG
| logo            = M3AAWGlogo.png
| type            =  
| type            =  
| industry        = Internet
| industry        = Internet
Line 12: Line 12:
| employees      =   
| employees      =   
| revenue        =
| revenue        =
| website        = [http://www.maawg.org www.maawg.org]
| website        = [http://www.m3aawg.org www.m3aawg.org]
| blog            =
| blog            =
| facebook        =  
| facebook        =  
| linkedin        =  
| linkedin        =  
| twitter        =  
| twitter        =  
| keypeople      = [[Jerry Upton]], Executive Director<br>  
| keypeople      = [[Amy Cadagin]], Executive Director<br>  
[[Michael O’Reirdan]], Chairman<br>
[[Alex Bobotek]], Co-Vice Chairman<br>
[[Chris Roosenraad]], Co-Vice Chairman<br>
[[Dave Crocker]], Senior Advisor
}}
}}


'''MAAWG''' is the acronym for '''Messaging Anti-Abuse Working Group''', which is a non-profit international organization primarily engaged in preventing online abuses such [[DDoS|denial of service attacks]], phishing, spam, viruses and many other cyber crimes. The organization uses industry collaboration, technology, and public policy to provide solutions related to online messaging abuses. MAAWG was founded in 2004 and its headquarters is located in San Francisco, California.<ref>[http://www.maawg.org/about_maawg About MAAWG]</ref>
'''M3AAWG''', founded in 2004 as MAAWG, is the acronym for '''Messaging Malware Mobile Anti-Abuse Working Group'''. It is a technology-neutral global industry association. As a working group, they develop cooperative approaches for fighting online abuse. They have over 200 members worldwide, including Internet service providers (ISPs), communications service providers, social networking companies, hosting and cloud services providers, major antivirus vendors and security vendors, email service providers, leading hardware and software vendors and major brands, as well as invited experts, government agencies and related industry groups and industry partners.  M3AAWG intention is to brings industry together to help fight and prevent online abuse, focusing on protecting communications, data privacy and security, and the supply chain.<ref>[https://www.m3aawg.org/about-m3aawg About]</ref>


Since its establishment, MAAWG has been active in helping protect internet users and promote online security by publishing documents regarding the improvement of online security. It also publishes a quarterly e-mail metrics report that covers around 500 million mailboxes. It is used to analyze the trend and to track dangerous e-mail abuses. MAAWG also provides comments on public policies and provides training courses related to cyber security. Its documents are published in different languages including Arabic, Chinese, French, German,Portuguese, Russian, and Spanish.
Since its establishment, M3AAWG has been active in helping protect Internet users and promote online security by publishing documents regarding the improvement of online security. It also publishes a quarterly e-mail metrics report that covers around 500 million mailboxes. It is used to analyze the trend and to track dangerous e-mail abuses. M3AAWG also provides comments on public policies and provides training courses related to cyber security. Its documents are published in different languages including Arabic, Chinese, French, German,Portuguese, Russian, and Spanish.


The members of MAAWG are categorized as '''Sponsor''', '''Full Member''' and '''Supporter'''. Some of the organizations sponsor members are [[AOL]], [[AT&T]], [[France Telecom]], [[Cloudmark]] Inc., [[Facebook]], [[Yahoo]]!.<ref>[http://www.maawg.org/about/roster Member Roster]</ref> The members of the organization meet three times a year to discuss the latest issues on messaging security, bot mitigation practices, social networking abuse as well as on-going policies and legislation conducted by different governments and other organizations involved in cyber security.<ref>[http://www.maawg.org/events/upcoming_meetings Meetings]</ref>
The members of M3AAWG are categorized as '''Sponsor''', '''Full Member''' and '''Supporter'''. Some of the organizations sponsor members are [[AOL]], [[AT&T]], [[France Telecom]], [[Cloudmark]] Inc., [[Facebook]], [[Yahoo]]!.<ref>[http://www.m3aawg.org/about/roster Member Roster]</ref> The members of the organization meet three times a year to discuss the latest issues on messaging security, bot mitigation practices, social networking abuse as well as on-going policies and legislation conducted by different governments and other organizations involved in cyber security.<ref>[http://www.m3aawg.org/events/upcoming_meetings Meetings]</ref>
   
   
==ICANN Involvement==
==ICANN Involvement==
The Messaging Anti-Abuse Working Group actively shares its commentaries on various [[ICANN]] policies. On July 28, 2010, MAAWG praised the Internet governing body's initiative in preparing an initial report regarding its plans to improve the [[RAA|Registration Accreditation Agreement]]. MAAWG supported the issues identified as high priority on the '''Initial Report on Proposals for Improvements to the RAA''' and emphasized that these should be incorporated into the new RAA. These issues include:<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_RAA_Changes-2010-07.pdf MAAWG Comments on ICANN Report RAA-Improvements-Proposal-28May10]</ref>
The Messaging Malware Mobile Anti-Abuse Working Group actively shares its commentaries on various [[ICANN]] policies. On July 28, 2010, M3AAWG praised the Internet governing body's initiative in preparing an initial report regarding its plans to improve the [[RAA|Registration Accreditation Agreement]]. M3AAWG supported the issues identified as high priority on the '''Initial Report on Proposals for Improvements to the RAA''' and emphasized that these should be incorporated into the new RAA. These issues include:<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_RAA_Changes-2010-07.pdf MAAWG Comments on ICANN Report RAA-Improvements-Proposal-28May10]</ref>
* Leave it to registrars to investigate malicious conduct
* Leave it to registrars to investigate malicious conduct
* A competent technical point of contact on malicious conduct issues should be designated and available 24/7
* A competent technical point of contact on malicious conduct issues should be designated and available 24/7
Line 39: Line 35:
* PCI compliance should be required in the registration process
* PCI compliance should be required in the registration process
* Provide a clear definition for "reseller" and registrar's responsibility for reseller compliance  
* Provide a clear definition for "reseller" and registrar's responsibility for reseller compliance  
* Registrars should be required to fully disclose affiliates/multiple accreditations as well as the registrar contact information, type of business organization,officers, etc
* Registrars should be required to fully disclose affiliates/multiple accreditations as well as the registrar contact information, type of business organization, officers, etc


MAAWAG also provided comments on the following issues:
M3AAWG also provided comments on the following issues:
* '''ICANN Study on the Prevalence of Domain Names Registered using a Privacy or Proxy Registration Service among the top 5 [[gTLD]]s''' -MAAWAG commented that the result of ICANN's study that approximately 20% of domains use proxy or privacy service is consistent with their observation including the fact that majority of those 20% do not provide any information regarding the beneficial user's identity. In addition. MAAWAG encouraged ICANN to further investigate if there are TLDs/Registrars with disproportionately high or low number of proxy or privacy registration. Furthermore, the organization also agree that ICANN's plan to conduct further proxy/privacy study to document the relay and reveal practices of proxy/privacy services is important and encouraged ICANN to implement its plan the soonest possible time. <ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_Study_Prevalence_Domains%202010-10.pdf ICANN Study on the Prevalence of Domain Names Registered using a Privacy or Proxy Registration Service among the top 5 gTLDs]</ref>
* '''ICANN Study on the Prevalence of Domain Names Registered using a Privacy or Proxy Registration Service among the top 5 [[gTLD]]s''' - M3AAWG commented that the result of ICANN's study, which found that approximately 20% of domains use proxy or privacy service, is consistent with their own observation on the matter, including the fact that a majority of those 20% do not provide any information regarding the beneficial user's identity. In addition, M3AAWG encouraged ICANN to further investigate whether there were TLDs/Registrars with disproportionately high or low numbers of proxy or privacy registration. The organization also agreed that ICANN's plan to conduct further proxy/privacy studies to document the relay and reveal practices of proxy/privacy services was important and encouraged ICANN to implement its plan as soon as possible.<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_Study_Prevalence_Domains%202010-10.pdf ICANN Study on the Prevalence of Domain Names Registered using a Privacy or Proxy Registration Service among the top 5 gTLDs]</ref>
* '''ICANN’s proposed 2011 Plan for Enhancing Internet Security, Stability and Resiliency'''- MAAWAG concurred that ICANN should define its limited role in security, stability and resiliency of the internet in the 2009 plan to avoid "mission creep" into inappropriate areas. MAAWAG also emphasized that ICANN must recognize the extent of mission and role in relationship with other organizations. The organization cited that ICANN's primary mission is related to the domain name system and its role is to ensure that the stability, security, resilience and scalability of the internet is always maintained. MAAWAG also pointed that ICANN's is also responsible in collaborating with different organizations, government agencies and the global internet community in fighting against abuse of the [[DNS]].<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_Enhancing_Security_Stability_Resiliency_2010-11.pdf Comments on ICANN’s proposed 2011 Plan for Enhancing Internet Security, Stability and Resiliency]</ref>
* '''ICANN’s proposed 2011 Plan for Enhancing Internet Security, Stability and Resiliency''' - M3AAWG concurred that ICANN should define its limited role in the security, stability and resiliency of the Internet in the 2009 plan to avoid letting the mission creeping into inappropriate areas. M3AAWG also emphasized that ICANN must recognize the extent of its mission and role in relationship with other organizations. The organization cited that ICANN's primary mission was related to the [[DNS|domain name system]], and its role was to ensure that the stability, security, resiliency, and scalability of the internet was always maintained. M3AAWG also pointed that ICANN is also responsible for collaborating with different organizations, government agencies and the global internet community in fighting against abuse of the DNS.<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_Enhancing_Security_Stability_Resiliency_2010-11.pdf Comments on ICANN’s proposed 2011 Plan for Enhancing Internet Security, Stability and Resiliency]</ref>
* '''ICANN Whois Review Team'''- MAAWAG recommended that ICANN should require registries to adopt the "thick" [[Whois]] Service to be able to provide reliable service and standardized report formats. The organization is against the proposal that only law enforcement agencies are allowed to have access to the Whois database and suggested that the accuracy and reliability of the Whois service should be maintained.In addition, MAAWAG encouraged ICANN to provide a quarterly summary report on the volume of inaccuracy incident reports received through the '''WHOIS Data Problem Reporting System (WDPRS)''' and encouraged the Whois Review Team to include technological improvements on the Whois service.<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_WHOIS_Review_2011-04.pdf Comments on Whois Review Team]</ref>
* '''ICANN Whois Review Team''' - M3AAWG recommended that ICANN should require [[registry|registries]] to adopt the "thick" [[Whois]] Service, in order to be able to provide reliable service and standardized report formats. The organization is against the proposal that only law enforcement agencies should be allowed access to the Whois database, and suggested that the accuracy and reliability of the Whois service should be maintained. In addition, M3AAWG encouraged ICANN to provide a quarterly summary report on the volume of inaccuracy incident reports received through the WHOIS Data Problem Reporting System ([[WDPRS]]) and encouraged the [[Whois Review Team]] to include technological improvements on the Whois service.<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_WHOIS_Review_2011-04.pdf Comments on Whois Review Team]</ref>
* '''ICANN’s Draft FY2012 Budget'''
* '''ICANN’s Draft FY2012 Budget''' - M3AAWG reviewed the proposed ICANN budget for fiscal year 2012 and commended the budget allocation on the following important areas, marking them as priorities:
MAAWAG reviewed the proposed ICANN budget for fiscal year 2012 and emphasized that the organization commended the global internet governing body's budget allocation on important areas as its priority such as:<ref>
[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_Budget_Comments-2011-06.pdf  Comments on ICANN’s Draft FY2012 Budget]</ref>
# Registrar Oversight
# Registrar Oversight
# Whois Operation and Usability
# Whois Operation and Usability
# Scalable access to zone file data given the imminent addition of new gTLDs
# Scalable access to zone file data given the imminent addition of new gTLDs
# Cooperation with law enforcement, government regulators, and non-governmental organizations to prevent or respond to cybercrime and Internet abuse
# Cooperation with law enforcement, government regulators, and non-governmental organizations to prevent or respond to cybercrime and Internet abuse
M3AAWG also observed a 17.9% increase on the budget allocated for Global Engagement and International Participation, compared with the FY 2011 budget. The organization also noted that no specific budget had been allocated to improve the zone file access, and the effort provided to reach out to the law enforcement needs of the community was limited. In addition, M3AAWG pointed out that ICANN's operating expenses increased by 13%, whereas its revenue was only up by 6.5%. Given those facts, M3AAWG suggested that ICANN should take measures to reduce its expenditures or to increase its revenues.<ref>
[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_Budget_Comments-2011-06.pdf  Comments on ICANN’s Draft FY2012 Budget]</ref>


The organizations also observed that


==Senior Technical Advisors==
* Dr Richard Clayton, Security Researcher-University of Cambridge
* Dave Crocker, Brandenburg InternetWorking-Principal
* David Dagon, J.D. Florida State University College of Law
* John R. Levine, Taughannock Networks-Founder
* April Lorenzen, Internet Security Researcher
* Dr. Joe St Sauver, Manager Internet2 Security Programs


==References==
==References==
{{reflist}}
{{reflist}}





Latest revision as of 18:03, 23 October 2024

Industry: Internet
Founded: 2004
Headquarters: San Francisco, California
Country: USA
Website: www.m3aawg.org
Key People
Amy Cadagin, Executive Director

M3AAWG, founded in 2004 as MAAWG, is the acronym for Messaging Malware Mobile Anti-Abuse Working Group. It is a technology-neutral global industry association. As a working group, they develop cooperative approaches for fighting online abuse. They have over 200 members worldwide, including Internet service providers (ISPs), communications service providers, social networking companies, hosting and cloud services providers, major antivirus vendors and security vendors, email service providers, leading hardware and software vendors and major brands, as well as invited experts, government agencies and related industry groups and industry partners. M3AAWG intention is to brings industry together to help fight and prevent online abuse, focusing on protecting communications, data privacy and security, and the supply chain.[1]

Since its establishment, M3AAWG has been active in helping protect Internet users and promote online security by publishing documents regarding the improvement of online security. It also publishes a quarterly e-mail metrics report that covers around 500 million mailboxes. It is used to analyze the trend and to track dangerous e-mail abuses. M3AAWG also provides comments on public policies and provides training courses related to cyber security. Its documents are published in different languages including Arabic, Chinese, French, German,Portuguese, Russian, and Spanish.

The members of M3AAWG are categorized as Sponsor, Full Member and Supporter. Some of the organizations sponsor members are AOL, AT&T, France Telecom, Cloudmark Inc., Facebook, Yahoo!.[2] The members of the organization meet three times a year to discuss the latest issues on messaging security, bot mitigation practices, social networking abuse as well as on-going policies and legislation conducted by different governments and other organizations involved in cyber security.[3]

ICANN Involvement[edit | edit source]

The Messaging Malware Mobile Anti-Abuse Working Group actively shares its commentaries on various ICANN policies. On July 28, 2010, M3AAWG praised the Internet governing body's initiative in preparing an initial report regarding its plans to improve the Registration Accreditation Agreement. M3AAWG supported the issues identified as high priority on the Initial Report on Proposals for Improvements to the RAA and emphasized that these should be incorporated into the new RAA. These issues include:[4]

  • Leave it to registrars to investigate malicious conduct
  • A competent technical point of contact on malicious conduct issues should be designated and available 24/7
  • Registrars should ensure the availability of privacy/proxy services on registration such as data escrow, relay function and reveal function
  • Registrars have the right to cancel registrations made by other privacy/proxy services for noncompliance with Relay and Reveal under proper circumstances
  • Identify situations requiring registrars to cancel registrations with fraud or false Whois data provided
  • PCI compliance should be required in the registration process
  • Provide a clear definition for "reseller" and registrar's responsibility for reseller compliance
  • Registrars should be required to fully disclose affiliates/multiple accreditations as well as the registrar contact information, type of business organization, officers, etc

M3AAWG also provided comments on the following issues:

  • ICANN Study on the Prevalence of Domain Names Registered using a Privacy or Proxy Registration Service among the top 5 gTLDs - M3AAWG commented that the result of ICANN's study, which found that approximately 20% of domains use proxy or privacy service, is consistent with their own observation on the matter, including the fact that a majority of those 20% do not provide any information regarding the beneficial user's identity. In addition, M3AAWG encouraged ICANN to further investigate whether there were TLDs/Registrars with disproportionately high or low numbers of proxy or privacy registration. The organization also agreed that ICANN's plan to conduct further proxy/privacy studies to document the relay and reveal practices of proxy/privacy services was important and encouraged ICANN to implement its plan as soon as possible.[5]
  • ICANN’s proposed 2011 Plan for Enhancing Internet Security, Stability and Resiliency - M3AAWG concurred that ICANN should define its limited role in the security, stability and resiliency of the Internet in the 2009 plan to avoid letting the mission creeping into inappropriate areas. M3AAWG also emphasized that ICANN must recognize the extent of its mission and role in relationship with other organizations. The organization cited that ICANN's primary mission was related to the domain name system, and its role was to ensure that the stability, security, resiliency, and scalability of the internet was always maintained. M3AAWG also pointed that ICANN is also responsible for collaborating with different organizations, government agencies and the global internet community in fighting against abuse of the DNS.[6]
  • ICANN Whois Review Team - M3AAWG recommended that ICANN should require registries to adopt the "thick" Whois Service, in order to be able to provide reliable service and standardized report formats. The organization is against the proposal that only law enforcement agencies should be allowed access to the Whois database, and suggested that the accuracy and reliability of the Whois service should be maintained. In addition, M3AAWG encouraged ICANN to provide a quarterly summary report on the volume of inaccuracy incident reports received through the WHOIS Data Problem Reporting System (WDPRS) and encouraged the Whois Review Team to include technological improvements on the Whois service.[7]
  • ICANN’s Draft FY2012 Budget - M3AAWG reviewed the proposed ICANN budget for fiscal year 2012 and commended the budget allocation on the following important areas, marking them as priorities:
  1. Registrar Oversight
  2. Whois Operation and Usability
  3. Scalable access to zone file data given the imminent addition of new gTLDs
  4. Cooperation with law enforcement, government regulators, and non-governmental organizations to prevent or respond to cybercrime and Internet abuse

M3AAWG also observed a 17.9% increase on the budget allocated for Global Engagement and International Participation, compared with the FY 2011 budget. The organization also noted that no specific budget had been allocated to improve the zone file access, and the effort provided to reach out to the law enforcement needs of the community was limited. In addition, M3AAWG pointed out that ICANN's operating expenses increased by 13%, whereas its revenue was only up by 6.5%. Given those facts, M3AAWG suggested that ICANN should take measures to reduce its expenditures or to increase its revenues.[8]


References[edit | edit source]