Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:00 PM
Dark Reading
Dark Reading
Products and Releases

New M3AAWG Cloud Service Providers Best Practices Aim to Reduce End-User Threats

San Francisco, March 17, 2015 – Spamvertising, malware and other online threats could be significantly reduced by hosting companies following the necessary hygiene and security processes outlined in the new M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers released today.  Jointly published by the Internet Infrastructure Coalition (i2C) and the Messaging, Malware and Mobile Anti-Abuse Working Group, the new document outlines proven activities that can help Web hosting services improve their operations and better protect end-users.

The new best practices  Implementing these recommendations can help hosting companies establish a stable operating environment and minimize additional customer support costs resulting from network operators frequently blocking the service for abusive activities, according to Michael Adkins, M3AAWG Chairman of the Board. 

“We took on this work at3AAWG because of the pivotal role hosting companies play in the ecosystem.  The same services that maintain domains and websites for legitimate customers are also needed by spammers, phishers and other miscreants to carry out their clandestine activities that defraud end-users, clog inboxes with junk mail or steal personal identity information. These best practices detail the current policies and technologies used by successful hosting and cloud service providers to weed out criminals and fix other common problems caused by well-intentioned but problematic customers that pose a threat to end users everywhere,” Adkins said.

The M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers are intended for the technical staff at both large organizations and smaller start-up hosting companies.  The document was developed by industry professionals who face these challenges every day and outlines reasonable steps that can be integrated into a company’s basic operations and policies, as explained in the video Improving Your Business with the M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers at www.youtube.com/maawg.

Christian Dawson, i2C chairman and co-founder, said, “As a group constructed of the organizations that build the Internet infrastructure, including the Web hosting services, we have the honor and responsibility to work together to make the Internet a safer place. We are thrilled to collaborate with M3AAWG on this important best practices initiative and focus on implementation within this community.”

Hosting Practices to Improve Business and Protect End-Users

The new best practices address both preventing abuse and what to do when a rogue customer is identified on the network.  For example, because Web hosting services often suffer from the negligent actions of their customers, the document recommends instituting effective vetting processes to verify the legitimacy of new clients before allowing them on the network.  It also advises that the company’s Terms and Conditions should require customers to keep current on all software updates, as older versions can be susceptible to malware attacks.

Among other recommended best practices, hosting companies should consider hardware-based intrusion detection systems (IDS) that help prepare for and deal with an attack, use software-based security scans and firewalls, and implement internal network telemetry reporting.  Feedback loops from network operators providing the hosting company with reports on abusive email sent from their servers can also help identify potential problems.  When a problem is found, the best practices outline processes for remediating a compromise, including when to suspend service or terminate a customer.  

The M3AAWG Hosting Special Interest Group was formed last year to develop these best practices, as explained in the video How the M3AAWG Hosting SIG Can Help You; Fighting Spam, Phishing, Malware and Emerging Threats. The SIG is continuing in its efforts to promote industry collaboration and develop the necessary processes to identify illegitimate hosting customers and respond to emerging issues.

Adkins said, “We are partnering with i2C on these best practices because they are aggressively working to address emerging anti-abuse issues in the cloud service provider area and to help these services improve their business model by reducing risk from abusive customers. Their support for this document reflects the hosting industry’s commitment to safe practices and to their role as reliable partners in the Internet ecosystem.”

The M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers (https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf) is available on both the M3AAWG website at www.m3aawg.org under Best Practices and from the i2C website at https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-20
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction...
PUBLISHED: 2020-10-20
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking ...
PUBLISHED: 2020-10-20
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
PUBLISHED: 2020-10-20
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
PUBLISHED: 2020-10-20
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a ...