Nasdaq GlobeNewswire

M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms


SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.

In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails.  The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.

"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending.  Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.

Industry Collaboration Leads to IETF Internet Draft Header Specification

The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (, available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.

M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available.  This will help protect against bots misusing the site's verification emails in an attack.  

The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks.  An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification.  At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.

Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack.  The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."

Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco.  The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG ( members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific),, Astra Communications

M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.

A complete member list is available at

This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire

Om Nasdaq GlobeNewswire

Nasdaq GlobeNewswire
Nasdaq GlobeNewswire
One Liberty Plaza - 165 Broadway
NY 10006 New York

+1 212 401 8700

NASDAQ (NASDAQ: NDAQ) is a leading provider of trading, exchange technology, information and public company services across six continents.

Følg saker fra Nasdaq GlobeNewswire

Registrer deg med din epostadresse under for å få de nyeste sakene fra Nasdaq GlobeNewswire på epost fortløpende. Du kan melde deg av når som helst.

Siste saker fra Nasdaq GlobeNewswire

Abeona Therapeutics Reports Fourth Quarter 2017 Financial Results and Business Highlights16.3.2018 22:32Pressemelding

Investor Conference Call on Tuesday, March 27th at 10:00 am ET NEW YORK and CLEVELAND, March 16, 2018 (GLOBE NEWSWIRE) -- Abeona Therapeutics Inc. (NASDAQ:ABEO), a leading clinical-stage biopharmaceutical company focused on developing novel cell and gene therapies for life-threatening rare genetic diseases, today announced financial results for the fourth quarter. The Company will host a call to update investors on recent clinical developments and year-end financial results on Tuesday, March 27th at 10:00 am (Eastern). Interested parties are invited to participate in the call by dialing 877-407-9210 (toll free domestic) or 201-689-8049 (International). "The past year was marked by several defining events in the company's history, having advanced our two lead clinical programs, EB-101 in Epidermolysis Bullosa and ABO-102 in MPS IIIA, and initiated our third clinical program, ABO-101 in MPS IIIB. The strong safety and biopotency data observed in our three active clinical trials and the s

Mandela Golden Hands Collection Sells for US$10 Million at PDAC 2018 Conference16.3.2018 15:40Pressemelding

Arbitrade, a new coin and cryptocurrency exchange, to purchase the unique gold collection with Bitcoin NEW YORK, March 16, 2018 (GLOBE NEWSWIRE) -- The Board of Arbitrade, a new coin and cryptocurrency exchange, has announced it will purchase the Nelson Mandela Golden Hands Collection. Made from 20 lbs, 99.999 of pure gold, it includes 3 life size impressions of Mandela's hands and two others of his palm and fist. It was cast in 2002 by South Africa's Harmony Gold mining group, one of the world's leading gold producers, 12 years after Nelson Mandela was released from prison. The seller, Malcolm Duncan, a South African businessman now living in Calgary, Canada, knew Mandela. He said that Harmony's intention was to make one full set of gold artefacts consisting of a fist, a full hand and a palm impression of his right hand for each of the 27 years Mandela had spent behind bars. Duncan had purchased the sets dedicated to 1964 and 1990, marking the year Mandela was incarcerated and the yea

RSK Chooses Decentral's Jaxx Blockchain Platform, Paving Way For Smart Contracts On Bitcoin16.3.2018 14:44Pressemelding

BUENOS AIRES, Argentina, March 16, 2018 (GLOBE NEWSWIRE) -- RSK, the smart contract platform powered by the Bitcoin network, today announced it has launched on Decentral's Jaxx cryptocurrency wallet and multi-token digital platform. This integration paves the way for RSK's open source platform to implement Ethereum-style smart contracts over the Bitcoin network. RSK combines the flexibility of smart contracts with the Bitcoin infrastructure, bringing endless possibilities to build a more flexible and inclusive financial system that will improve the life of billions of people. RSK successfully released its MainNet network, built as a side-chain to the Bitcoin mainnet, in January 2018. It is now presenting the first wallet that will help dApp developers manage their fuel while creating their solutions powered by RSK and the Bitcoin Network. RSK's CEO, Diego Gutierrez Zaldivar said: "We're very happy to partner with Jaxx, a highly-secure and a very easy-to-use wallet that will be the firs

Up to $200 Billion in Illegal Cybercrime Profits Is Laundered Each Year, Comprehensive Research Study Reveals16.3.2018 13:00Pressemelding

Cybercriminals turning to virtual currencies, video game currency and digital payment systems like PayPal to convert illegal revenue into clean cash CUPERTINO, Calif., March 16, 2018 (GLOBE NEWSWIRE) -- Bromium®, Inc., the pioneer and leader in application isolation using virtualization-based security, today announced the findings of an independent, academic study into the macro economics of cybercrime and how cybercriminals launder and 'cash out' the profits of criminal endeavours. The findings are part of a larger nine-month study titled Into the Web of Profit, sponsored by Bromium. The full findings will be presented at the RSA Conference in April by Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University, England. According to the report, cybercriminal proceeds make up an estimated 8-10 percent of total illegal profits laundered globally; amounting to an estimated $80-$200 billion each year 1. Other key findings include: Virtual currencies have become the primary tool

Technology empowering an increasingly connected SEA for financially inclusive communities16.3.2018 11:41Pressemelding

Global speakers IFC, MAS shared their views at Ant Financial Technology Exploration Conference in Singapore SINGAPORE, March 16, 2018 (GLOBE NEWSWIRE) -- Ant Financial Services Group ("Ant Financial" or "Ant") today wrapped up its participation at Money20/20 Asia in Singapore with the Ant Technology Exploration Conference (ATEC), with guests Giri Jadeja, Global Head of Financial Innovation at International Finance Corporation (IFC) and Sopnendu Mohanty, Chief Fintech Officer at Monetary Authority of Singapore (MAS) sharing their views on financial inclusion alongside Cheng Li, Chief Technology Officer and Chief Operations Officer for global business group at Ant Financial. Giri Jadeja shared his vision as global head of financial innovation at IFC - to reach out to the 2 billion unbanked and underserved population in the world, the majority of whom reside in Asia. The region has in recent years seen an exponential growth of new fintech companies. Giri is optimistic that technological c

Z-Wave Alliance Dominates Building Automation Space at Light + Building 201816.3.2018 11:00Pressemelding

Exhibitors introduce new products and demonstrate interoperability and collaboration in international Z-Wave smart building and IoT ecosystem FRANKFURT, Germany, March 16, 2018 (GLOBE NEWSWIRE) -- Light + Building 2018 - Hall 9.1, Booth E46 - The Z-Wave Alliance, a global membership organization dedicated to advancing the popular Z-Wave wireless smart home protocol, will host the Z-Wave Pavilion at Light + Building from March 18 - 23, 2018. The Alliance is also demonstrating their award-winning installation toolkit to make installation and testing of a Z-Wave smart home mesh network even easier for the pro installer community. The Z-Wave Pavilion will be on display at the show featuring the latest in European home and building automation and connected lighting products. Z-Wave Alliance members will demonstrate smart home lighting, thermostats, switches, air quality monitors and more. Support for the Z-Wave protocol has never been stronger - the Z-Wave Alliance now boasts over 700-membe

I vårt presserom finner du alle våre siste saker, kontaktpersoner, bilder, dokumenter og annen relevant informasjon om oss.

Besøk vårt presserom