M3AAWG Issues Mobile Messaging Best Practices for Service Providers to Combat
Increasing Text Spam
SAN FRANCISCO, CA -- (Marketwired) -- 07/31/14 -- Responding to the
billions of spam text messages sent each year, the new M3AAWG Mobile
Messaging Best Practices for Service Providers just released by the
Messaging, Malware and Mobile Anti-Abuse Working Group offers
industry guidelines to better protect end-users. The best practices
are intended to improve operator security in an increasingly open,
globally interconnected messaging environment.
Faced with escalating volumes of mobile spam as the cost to send text
messages continues to fall, many service providers are looking for
more effective defense techniques that are also compatible with
global connectivity needs. The new document, released today at the
M3AAWG India Anti-Abuse Working Group meeting in New Delhi, outlines
the latest approaches to curbing text, mobile and
application-to-person messaging abuse, including SMS, MMS and RCS
"As texting becomes less expensive and more accessible with Internet
technologies like text-enabled landline accounts, we're increasingly
seeing criminals turning text spam into an illicit money-making
machine at the expense of consumers. Mobile abuse is rising
significantly. These new best practices incorporate a decade of
experience in fighting email and mobile abuse in M3AAWG and outline
techniques specific to mobile messaging that can help protect service
providers' networks from being exploited," said Alex Bobotek, M3AAWG
The best practices focus on three areas: service design practices,
defensive strategies, and abuse detection and mitigation techniques.
Key strategies to mitigate text message spam include making abuse
less profitable, developing agile defenses and using diverse methods
to increase the penetration resistance of an operator's defenses.
Among other guidelines, the best practices recommend:
-- Preventing automatic account creation and requiring secure
authentication, such as a government-issued identification, when
opening new end-user accounts.
-- Limiting the number of messages new accounts can send at one time and
monitoring the black market for the sale of bulk end-user accounts.
-- Monitoring and limiting spam endorsements (spamprogration), especially
when an application sends invites or suggested downloads to end-users'
contact lists without their permission.
-- Providing user feedback options with a "This Is Spam" button, using
the 7726 (spells "spam" on a mobile keyboard) reporting system or an
-- Participating in industry abuse information-sharing forums to stay
current on the latest mobile messaging attack techniques.
The M3AAWG Mobile Messaging Best Practices for Service Providers are
available from the M3AAWG website at
www.m3aawg.org/mobilemessagingbp.pdf or from the site's Activities
tab under the Published Documents section at
About the Messaging, Malware and Mobile Anti-Abuse Working Group
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
is where the industry comes together to work against bots, malware,
spam, viruses, denial-of-service attacks and other online
exploitation. M3AAWG (www.M3AAWG.org) represents more than one
billion mailboxes from some of the largest network operators
worldwide. It leverages the depth and experience of its global
membership to tackle abuse on existing networks and new emerging
services through technology, collaboration and public policy. It also
works to educate global policy makers on the technical and
operational issues related to online abuse and messaging.
Headquartered in San Francisco, Calif., M3AAWG is driven by market
needs and supported by major network operators and messaging
M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL);
Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ:
CTCT); Cox Communications; Damballa, Inc.; Facebook; Google;
LinkedIn; Mailchimp; Orange (NYSE: ORA) (EURONEXT PARIS: ORA);
PayPal; Return Path; Time Warner Cable; Verizon Communications; and
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; BAE
Systems Detica; Campaign Monitor Pty.; Cisco Systems, Inc.;
CloudFlare; Dyn; iContact; Internet Initiative Japan (IIJ) (NASDAQ:
IIJI); Litmus; McAfee Inc.; Mimecast; Nominum, Inc.; Oracle;
Proofpoint; Scality; Spamhaus; Sprint; Symantec and Twitter.
A complete member list is available at
Linda Marcus, APR
+1-714-974-6356 (U.S. Pacific)
Press spacebar to pause and continue. Press esc to stop.