SAN FRANCISCO, CA--(Marketwired - Mar 17, 2015) - Spamvertising, malware and other online threats could be significantly reduced by hosting companies following the necessary hygiene and security processes outlined in the new M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers released today. Jointly published by the Internet Infrastructure Coalition (i2C) and the Messaging, Malware and Mobile Anti-Abuse Working Group, the new document outlines proven activities that can help Web hosting services improve their operations and better protect end-users.
The new best practices address both preventing abuse and what to do when a rogue customer is identified on the network. For example, because Web hosting services often suffer from the negligent actions of their customers, the document recommends instituting effective vetting processes to verify the legitimacy of new clients before allowing them on the network. It also advises that the company's Terms and Conditions should require customers to keep current on all software updates, as older versions can be susceptible to malware attacks.
Among other recommended best practices, hosting companies should consider hardware-based intrusion detection systems (IDS) that help prepare for and deal with an attack, use software-based security scans and firewalls, and implement internal network telemetry reporting. Feedback loops from network operators providing the hosting company with reports on abusive email sent from their servers can also help identify potential problems. When a problem is found, the best practices outline processes for remediating a compromise, including when to suspend service or terminate a customer.
The M3AAWG Hosting Special Interest Group was formed last year to develop these best practices, as explained in the video How the M3AAWG Hosting SIG Can Help You; Fighting Spam, Phishing, Malware and Emerging Threats. The SIG is continuing in its efforts to promote industry collaboration and develop the necessary processes to identify illegitimate hosting customers and respond to emerging issues.
Adkins said, "We are partnering with i2C on these best practices because they are aggressively working to address emerging anti-abuse issues in the cloud service provider area and to help these services improve their business model by reducing risk from abusive customers. Their support for this document reflects the hosting industry's commitment to safe practices and to their role as reliable partners in the Internet ecosystem."
The M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers (https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf) is available on both the M3AAWG website at www.m3aawg.org under Best Practices and from the i2C website at https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
M3AAWG Board of Directors and Sponsors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Listrak; Mailchimp; Message Systems; Orange (NYSE: ORA) (ORA.NX); PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; iContact/Vocus; Internet Initiative Japan (IIJ) (NASDAQ: IIJI); Level 3; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; Proofpoint; Spamhaus; Sprint; Symantec; and Twitter.
A complete member list is available at http://www.m3aawg.org/about/roster.