M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms
SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.
In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails. The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.
"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending. Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.
Industry Collaboration Leads to IETF Internet Draft Header Specification
The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.
M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available. This will help protect against bots misusing the site's verification emails in an attack.
The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks. An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification. At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.
Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack. The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."
Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco. The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications
M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.
A complete member list is available at http://www.m3aawg.org/about/roster.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire
Om Nasdaq GlobeNewswire
One Liberty Plaza - 165 Broadway
NY 10006 New York
+1 212 401 8700http://www.nasdaqomx.com
NASDAQ (NASDAQ: NDAQ) is a leading provider of trading, exchange technology, information and public company services across six continents.
Følg saker fra Nasdaq GlobeNewswire
Registrer deg med din epostadresse under for å få de nyeste sakene fra Nasdaq GlobeNewswire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra Nasdaq GlobeNewswire
Atico Produces 5.36 Million Pounds of Cu and 3,010 Ounces of Au in Third Quarter 201816.10.2018 22:30 | Pressemelding
VANCOUVER, British Columbia, Oct. 16, 2018 (GLOBE NEWSWIRE) -- Atico Mining Corporation (the “Company” or “Atico”) (TSX.V: ATY | OTC: ATCMF) announces its operating results for the three months ended September 30, 2018 from its El Roble mine. Production for the quarter totaled 5.36 million pounds of copper and 3,010 ounces of gold in concentrates, an increase of 5% for copper and 6% for gold, respectively, over the same period in 2017. “We are pleased to report another strong quarter of production as the El Roble mine continues to operate at a steady state level while the Company remains on track to deliver on our 2018 operational objectives,” said Fernando E. Ganoza, CEO. “For remainder of the year, we will continue optimizing the operation and executing the aggressive exploration drilling program at the El Roble property looking for additional mineralization both regionally and at mine vicinity.” Third Quarter Operational Highlights Production of 5.36 million pounds of copper contain
SoftServe’s Research Team Takes Prize at Samsung AI Challenge16.10.2018 21:16 | Pressemelding
Artificial intelligence leveraged to deblur and dehaze photos and videos with exceptional quality AUSTIN, Texas, Oct. 16, 2018 (GLOBE NEWSWIRE) -- SoftServe, a leading digital authority and consulting company, announced its researchers won second place at the Samsung AI Challenge 2018 with innovative neural image restoration enhancement for mobile and embedded devices. “Artificial intelligence is at the center of future-proofing technologies for many businesses today,” said Serge Haziyev, senior vice president for Advanced Technology at SoftServe. “The opportunities for AI are endless and we are proud of our team and their commitment to creating an innovative AI algorithm that pushed the boundaries of existing deblurring and dehazing technologies as part of Samsung’s AI Hackathon.” The winning team, made up of SoftServe research engineers, Volodymyr Budzan and Orest Kupyn, participated in the worldwide event developing a solution that uses state-of-the-art deep learning and computer vi
IRYStec Selected as CIX Top 20 Innovator for 2018!16.10.2018 17:52 | Pressemelding
MONTREAL, Oct. 16, 2018 (GLOBE NEWSWIRE) -- IRYStec Software Inc., today announced it was selected as one of the CIX Top 20 most innovative companies of 2018 in Canada. Chosen from hundreds of profiles by industry experts and investors, the winner will represent Canada at the Start-up World Cup Grand Finale In 2019! The CIX Top 20 program is Canada’s largest national showcase of the 20 hottest and most innovative tech companies. Hundreds of applications are submitted each year from across Canada and the CIX Selection Committee evaluates and selects 20 based on 5 criteria: Business Model, Quality of Product and Service Offering, Innovation, Market Opportunity and Depth of Management. CTO and Co-founder, Tara Akhavan, will be presenting at CIX 2018 on Oct 23 at 1 PM. Both Tara and Simon Morris, CEO, will be attending both days demonstrating why all displays in the near future will be perceptual displays driven by IRYStec’s Perceptual Display Platform technology. A crowd of over 800 inves
Strategic Tax Leaders are Preparing Now for Tax Reform 2.016.10.2018 15:15 | Pressemelding
ATLANTA, Oct. 16, 2018 (GLOBE NEWSWIRE) -- This year organizations adjusted their tax approach due to the passing of the Tax Cuts and Jobs Act. Strategic tax teams are continuing to prepare for another round of amendments with the potential for Tax Reform 2.0. “Change is inevitable, so organizations can’t get complacent with their tax strategy,” said Nick Alexander, Senior Product Manager at PowerPlan. “Tax teams should maximize their use of technology to help them stay ahead of future modifications of tax code to minimize disruption to their financials, processes and compliance.” PowerPlan has published a new article, Get Ready: Reform Isn’t Over, which further covers the potential impacts of Tax Reform 2.0 and shares how tax teams can prepare. To access the article, please visit: http://bit.ly/2NE8ZDO. About PowerPlan PowerPlan software provides financial insight into how complex rules and regulations impact your organization – empowering you to make credible decisions that improve o
€1.6bn investment project kickstarts Lithium Werks’ battery gigafactories vision16.10.2018 14:38 | Pressemelding
THE HAGUE, Netherlands, Oct. 16, 2018 (GLOBE NEWSWIRE) -- Dutch energy storage and battery company Lithium Werks B.V. (www.lithiumwerks.com) and Chinese Zhejiang Jiashan Economic and Technological Development Zone Industry Corporation have signed a framework agreement with the intention to construct a 60 hectares battery gigafactory in the Yangtze river Delta. Total investments required are estimated at €1.6 billion. The Lithium Werks factory and related facilities will produce battery cells for lithium-ion batteries, enabling the energy transition from fossil fuels to clean energy in order to reduce CO2 emissions. Lithium Werks expects to have installed production capacity of 500 GWh per annum by 2030 as it continues to contribute to the shift to a carbon neutral world. “With our Chinese partners’ help, and as we continue to grow both organically and through acquisitions, we will deliver the energy storage solutions that our customers increasingly ask for as the world transitions to c
Global Beverage and Food Launches With Stevia Are Up Sharply In 201816.10.2018 14:00 | Pressemelding
New Products Launched Globally with Stevia Post a +27% Increase in the First Half of 2018 vs the Same Period in 2017 CHICAGO, Oct. 16, 2018 (GLOBE NEWSWIRE) -- PureCircle (LSE: PURE), the world's leading producer and innovator of great-tasting stevia sweeteners, reports launches of new food and beverage products containing stevia leaf sweeteners increased significantly in the first six months of 2018 vs the comparable period in 2017. The data used in this release was provided by Mintel Global New Products Database (GNPD)*. Specifically, new product launches with stevia rose +27% globally. About one-third of foods and beverages launched using high-intensity sweeteners** contained stevia this year, nearly double the rate when compared to the first six months in 2012. Looking at results separately for global beverages and foods, launches of beverage products containing stevia grew 33% in the first half of 2018. Launches of food products with stevia grew 23%. As evidenced by this growth da
I vårt presserom finner du alle våre siste saker, kontaktpersoner, bilder, dokumenter og annen relevant informasjon om oss.Besøk vårt presserom