Messaging Malware Mobile Anti-Abuse Working Group: Difference between revisions
No edit summary |
No edit summary |
||
Line 25: | Line 25: | ||
'''MAAWG''' is the acronym for '''Messaging Anti-Abuse Working Group''', an non-profit international organization primarily engaged in preventing online abuses such denial of service attacks, phishing, spam, viruses and many other cyber crimes. The organization uses industry collaboration, technology, and public policy in providing solutions related to online messaging abuses. MAAWG was founded in 2004 and its headquarters is located in San Francisco, California.<ref>[http://www.maawg.org/about_maawg About MAAWG]</ref> | '''MAAWG''' is the acronym for '''Messaging Anti-Abuse Working Group''', an non-profit international organization primarily engaged in preventing online abuses such denial of service attacks, phishing, spam, viruses and many other cyber crimes. The organization uses industry collaboration, technology, and public policy in providing solutions related to online messaging abuses. MAAWG was founded in 2004 and its headquarters is located in San Francisco, California.<ref>[http://www.maawg.org/about_maawg About MAAWG]</ref> | ||
Since its establishment, MAAWG has been active in helping protect internet users and promote online security by publishing documents regarding the improvement of online security. It also publishes a quarterly e-mail metrics report which covers around 500 million mailboxes. It is used to analyze the trend and to track dangerous e-mail abuses. MAAWG also provides comments on public policies and provides training courses related to cyber security. | Since its establishment, MAAWG has been active in helping protect internet users and promote online security by publishing documents regarding the improvement of online security. It also publishes a quarterly e-mail metrics report which covers around 500 million mailboxes. It is used to analyze the trend and to track dangerous e-mail abuses. MAAWG also provides comments on public policies and provides training courses related to cyber security. Its' documents are published in different languages including Arabic, Chinese, French, German,Portuguese, Russian, ans Spanish. | ||
The members of MAAWG are categorized as '''Sponsor''', '''Full Member''' and '''Supporter'''. Some of the organizations sponsor members are [[AOL]], [[AT&T]], [[France Telecom]], [[Cloudmark]] Inc., [[Facebook]], [[Yahoo]]!.<ref>[http://www.maawg.org/about/roster Member Roster]</ref> The members of the organization meets three times a year to discuss the latest issues on messaging security, bot mitigation practices, social networking abuse as well as on-going policies and legislation conducted by different governments and other organizations involved in cyber security.<ref>[http://www.maawg.org/events/upcoming_meetings Meetings]</ref> | The members of MAAWG are categorized as '''Sponsor''', '''Full Member''' and '''Supporter'''. Some of the organizations sponsor members are [[AOL]], [[AT&T]], [[France Telecom]], [[Cloudmark]] Inc., [[Facebook]], [[Yahoo]]!.<ref>[http://www.maawg.org/about/roster Member Roster]</ref> The members of the organization meets three times a year to discuss the latest issues on messaging security, bot mitigation practices, social networking abuse as well as on-going policies and legislation conducted by different governments and other organizations involved in cyber security.<ref>[http://www.maawg.org/events/upcoming_meetings Meetings]</ref> | ||
Line 45: | Line 45: | ||
==ICANN Involvement== | ==ICANN Involvement== | ||
The Messaging Anti-Abuse Working Group actively shares its commentaries on various ICANN policies. On July 28, 2010, MAAWG praised the internet governing body's initiative in preparing an initial report regarding its plans to improve the Registration Accreditation Agreement ([[RAA]]). MAAWG supported the issues identified as high priority on the '''Initial Report on Proposals for Improvements to the RAA''' and emphasized that these should be incorporated on the new RAA. These issues include:<ref>[http://www.maawg.org/sites/maawg/files/news/MAAWG_ICANN_RAA_Changes-2010-07.pdf MAAWG Comments on ICANN Report RAA-Improvements-Proposal-28May10]</ref> | |||
* It is the registrar's responsibility to investigate malicious conduct | |||
* A competent technical point of contact on malicious conduct issues should be designated and available 24/7 | |||
* Registrars should ensure the availability of privacy/proxy services on registration such as data escrow, relay function and reveal function | |||
* Registrars has the right to cancel registrations made by other privacy/proxy services for noncompliance with Relay and Reveal under proper circumstances | |||
* Identify situations requiring registrars to cancel registrations with fraud or false [[Whois]] data provided | |||
* PCI compliance should be required in the registration process | |||
* Provide a clear definition for "reseller" and registrar's responsibility for reseller compliance | |||
* Registrars should be required to fully disclose affiliates/multiple accreditations as well as the registrar contact information, type of business organization,officers, etc | |||
Revision as of 04:56, 12 October 2011
Industry: | Internet |
Founded: | 2004 |
Headquarters: | San Francisco, California |
Country: | USA |
Website: | www.maawg.org |
Key People | |
Jerry Upton, Executive Director |
MAAWG is the acronym for Messaging Anti-Abuse Working Group, an non-profit international organization primarily engaged in preventing online abuses such denial of service attacks, phishing, spam, viruses and many other cyber crimes. The organization uses industry collaboration, technology, and public policy in providing solutions related to online messaging abuses. MAAWG was founded in 2004 and its headquarters is located in San Francisco, California.[1]
Since its establishment, MAAWG has been active in helping protect internet users and promote online security by publishing documents regarding the improvement of online security. It also publishes a quarterly e-mail metrics report which covers around 500 million mailboxes. It is used to analyze the trend and to track dangerous e-mail abuses. MAAWG also provides comments on public policies and provides training courses related to cyber security. Its' documents are published in different languages including Arabic, Chinese, French, German,Portuguese, Russian, ans Spanish.
The members of MAAWG are categorized as Sponsor, Full Member and Supporter. Some of the organizations sponsor members are AOL, AT&T, France Telecom, Cloudmark Inc., Facebook, Yahoo!.[2] The members of the organization meets three times a year to discuss the latest issues on messaging security, bot mitigation practices, social networking abuse as well as on-going policies and legislation conducted by different governments and other organizations involved in cyber security.[3]
Leadership
- Jerry Upton, Executive Director
- Michael O’Reirdan, Chairman
- Alex Bobotek, Co-Vice Chairman
- Chris Roosenraad, Co-Vice Chairman
- Dave Crocker, Senior Advisor
Senior Technical Advisors
- Dr Richard Clayton, Security Researcher-University of Cambridge
- Dave Crocker, Brandenburg InternetWorking-Principal
- David Dagon, J.D. Florida State University College of Law
- John R. Levine, Taughannock Networks-Founder
- April Lorenzen, Internet Security Researcher
- Dr. Joe St Sauver, Manager Internet2 Security Programs
ICANN Involvement
The Messaging Anti-Abuse Working Group actively shares its commentaries on various ICANN policies. On July 28, 2010, MAAWG praised the internet governing body's initiative in preparing an initial report regarding its plans to improve the Registration Accreditation Agreement (RAA). MAAWG supported the issues identified as high priority on the Initial Report on Proposals for Improvements to the RAA and emphasized that these should be incorporated on the new RAA. These issues include:[4]
- It is the registrar's responsibility to investigate malicious conduct
- A competent technical point of contact on malicious conduct issues should be designated and available 24/7
- Registrars should ensure the availability of privacy/proxy services on registration such as data escrow, relay function and reveal function
- Registrars has the right to cancel registrations made by other privacy/proxy services for noncompliance with Relay and Reveal under proper circumstances
- Identify situations requiring registrars to cancel registrations with fraud or false Whois data provided
- PCI compliance should be required in the registration process
- Provide a clear definition for "reseller" and registrar's responsibility for reseller compliance
- Registrars should be required to fully disclose affiliates/multiple accreditations as well as the registrar contact information, type of business organization,officers, etc