Below are the M3AAWG published materials related to our work on preventing and mitigating malware. There is also a Malware video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.
Best Practices
M3AAWG Ransomware Active Attack Response Best Common Practices
Updated August 2025
This document addresses the options available if you realize that you are a victim of a Ransomware attack. It explains how to consider risks and alternatives in resolving the recovery and supporting continuity for your business, and how to tackle those issues.
« Prev
This document is intended to provide concrete best practices for preventing or mitigating malicious or compromised domains at the registry or registrar level. A fundamental gap within the DNS community exists for how registries and registrars can best operationally effectuate anti-abuse mechanisms specific to malicious or compromised domains. M3AAWG hopes this document will help inform relevant DNS stakeholders and promote a safer and more secure DNS ecosystem.
M3AAWG Best Common Practices for Managing Port 25 for IP Networks
This document is an update to our previous "Managing Port 25 for Residential or Dynamic IP Space - Benefits of Adoption and Risks of Inaction" document published in 2005.
Spammers and other abusers often use viruses and spyware as vehicles to assume control over large numbers of computers. By managing the sending of email from devices on their network, providers can reduce the costs of running their business, increase customer satisfaction, and reduce the level of internet abuse associated with their service.
M3AAWG Present and Future of the Public Suffix List
This document describes the PSL, explains its current strengths and limitations, and outlines some possible future enhancements. Most importantly, though, the community must step up and help to make sure it continues to exist.
M3AAWG Brand Protection Kit Domain Management
This document focuses on domain management. It outlines how to protect brands from threat actors who are keen to register domains that mimic a brand in order to steal information and/or assets.
Pages
Public Policy Comments
Comments by the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) on the DHS “Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements”
M3AAWG has submitted comments to the Department of Homeland Security's (DHS) Proposed Rulemaking on “Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements”. M3AAWG recognizes the key role effective cyber incident reporting can have in addressing the impacts of cybersecurity incidents and combating online abuse. Cyber incident reporting can minimize consequences to victims, capture lessons learned, and improve cybersecurity nationwide, thereby increasing the likelihood that perpetrators will be held accountable. However, overly broad cyber incident reporting rules often do not, on balance, yield benefits commensurate with the significant costs those rules impose on both reporting entities and the government.
We generally support CISA’s efforts to craft a proposed rule that seeks to achieve the intended goals of the CIRCIA mandates. However, M3AAWG urges CISA to consider the following suggestions to clarify or modify its proposed rule, as detailed below. We note that our comments today are focused on certain critical areas of concern to our members and do not represent a comprehensive discussion of all issues covered in the expansive CIRCIA NPRM.
Comments of the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) on NIST AI 600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile
M3AAWG has submitted Comments on the NIST AI 600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. With the growing importance of AI in society and the challenges of AI-related security and abuse issues, appropriate management of AI risk is becoming ever more pertinent, which is why M3AAWG welcomes the opportunity to submit comments.