M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms


SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.

In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails.  The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.

"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending.  Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.

Industry Collaboration Leads to IETF Internet Draft Header Specification

The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (, available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.

M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available.  This will help protect against bots misusing the site's verification emails in an attack.  

The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks.  An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification.  At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.

Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack.  The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."

Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco.  The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG ( members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific),, Astra Communications

M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.

A complete member list is available at

This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire




Abonnera på våra pressmeddelanden.

Senaste pressmeddelandena från NASDAQ OMX

Momentum Group förvärvar Reklamproffsen i Örebro20.3.2018 08:45Pressmeddelande

Momentum Group AB (publ) har förvärvat 70 procent av aktierna i Reklamproffsen Skandinavien AB ("Reklamproffsen"). Reklamproffsen är en ledande återförsäljare av produktmedia innefattande yrkeskläder och profilkläder i Örebro med omnejd. Reklamproffsen omsätter cirka 35 MSEK per år med god lönsamhet och har 12 anställda. Reklamproffsen är en av Örebros största återförsäljare inom yrkeskläder och profilkläder med hög kompetens inom företagsprofilering. Reklamproffsen har en yrkesbutik och utställning i Örebro. Kunderna utgörs främst av industri- och serviceföretag och en betydande andel av försäljningen sker via kundunika webbshoppar. - Reklamproffsen har med sina starka kund- och leverantörsrelationer och medarbetare med hög kompetens utvecklats framgångsrikt ända sedan starten år 2000. Bolaget är idag ett väletablerat företag i Örebro med omnejd. Vi ser mycket goda möjligheter till vidare utveckling och tillväxt för Reklamproffsen som en del av Momentum Group, säger Ulf Lilius, VD & K

Momentum Group acquires Reklamproffsen in Örebro20.3.2018 08:45Pressmeddelande

Momentum Group AB (publ) has acquired 70 percent of the shares in Reklamproffsen Skandinavien AB ("Reklamproffsen"). Reklamproffsen is a leading reseller of promotional products, including workwear and profile clothing, in Örebro and the surrounding area. Reklamproffsen generates annual revenue of approximately MSEK 35 with favourable profitability and has 12 employees. Reklamproffsen is one of Örebro's largest resellers of workwear and profile clothing, with a high level of expertise in customising company products. Reklamproffsen has a professional store and showroom in Örebro. Its customers mainly comprise industrial and service companies, and a significant portion of its sales are conducted via customised online stores. "Thanks to its strong customer and supplier relationships and highly skilled employees, Reklamproffsen has achieved successful growth since it was formed in 2000. It is now a well-established company in Örebro and the surrounding area. We anticipate good opportuniti

Immunicum AB: Immunicum AB (publ) meddelar att ilixadencel har beviljats ATMP-certifiering från EMA gällande tillverkningskvalitet och prekliniska data20.3.2018 08:00Pressmeddelande

Pressmeddelande 20 mars 2018 Immunicum AB (publ) meddelar att ilixadencel har beviljats ATMP-certifiering från EMA gällande tillverkningskvalitet och prekliniska data Immunicum AB (publ; IMMU.ST) ett bioteknikbolag som utvecklar nya immunostimulerande cancerbehandlingar för ett antal solida tumörformer, meddelar idag att bolagets ledande produktkandidat, ilixadencel, har erhållit en ATMP-certifiering (Advanced Therapy Medicinal Product) efter granskning av tillverkningskvalitet och prekliniska data av den europeiska läkemedelsmyndigheten EMA (European Medicines Agency). "EMAs ATMP certifikat är en viktig milstolpe i utvecklingen av ilixadencel eftersom det validerar vår tillverkningskvalitet och våra prekliniska data, och ger oss samtidigt en solid bas för de senare faserna i den kliniska utvecklingen. Cell-baserade terapier måste uppfylla mycket höga krav och vi är glada att få detta erkännande av EMA för vårt arbete så här långt," säger Carlos de Sousa, VD för Immunicum. "Immunicum ä

Immunicum AB: Immunicum AB (publ) Announces ATMP Certificate Granted by EMA to Ilixadencel for Manufacturing Quality and Non-clinical Data20.3.2018 08:00Pressmeddelande

Press Release 20 March 2018 Immunicum AB (publ) Announces ATMP Certificate Granted by EMA to Ilixadencel for Manufacturing Quality and Non-clinical Data Immunicum AB (publ; IMMU.ST) a biopharmaceutical company advancing a novel, immune-priming cancer treatment against a variety of solid tumors, announced today that its lead product candidate, ilixadencel, has been granted an Advanced Therapy Medicinal Product (ATMP) certificate following a review of manufacturing quality and non-clinical data by the European Medicines Agency (EMA). "The EMA ATMP certificate is an important development milestone for ilixadencel because it validates our manufacturing quality and preclinical data and gives us a firm foundation for the later stages of clinical development. Cell-based therapies must meet very high requirements and we are pleased to have this recognition from the EMA of our work to date," said Carlos de Sousa, CEO of Immunicum. "Immunicum is one of very few companies that have successfully u

Nitinat Provides Update on the Carscallen Gold Property19.3.2018 21:30Pressmeddelande

TORONTO, March 19, 2018 (GLOBE NEWSWIRE) -- Further to its press release dated March 12, 2018 whereby Nitinat Minerals Corp. (the "Corporation") (TSX-V:NZZ) (Frankfurt:04U1) announced its option to acquire four (4) additional claims (collectively, the "Claims") abutting the western boundaries of the Corporation's current mining claims in Carscallen Township, Ontario (the "Carscallen Gold Property"), the Corporation is pleased to provide additional information pertaining to the Claims. The Corporation intends to implement an exploration program for the Claims to fully explore the potential of the Claims. The "preliminary technical appraisal" provided herein, along with the geophysics that the Corporation intends to undertake, will identify potential drill targets. The property encompassing the Claims is of particular interest in that surface exploration to date on the Claims has shown the existence of historic surface mining and sampling. The Corporation is currently assessing the most

New Elemica Trace Solution Delivers Shipment Risk Analysis for Digital Transformation19.3.2018 13:09Pressmeddelande

Real-Time Information Matched with GPS Locations Provides Accurate Delivery Information WAYNE, Pa., March 19, 2018 (GLOBE NEWSWIRE) -- Elemica, the leading Digital Supply Network for process manufacturing industries, introduces Elemica Trace, a solution that provides real-time shipment and risk visibility to customer service, transport planners, and supply chain managers, allowing them to monitor and proactively manage the movement of products to customers and inbound to manufacturing centers. "Shipment disruptions occur and teams can spend hours manually tracking down what is happening. What's worse, sometimes your customer complaint is the first indication you have of a late shipment," said Rich Katz, CTO of Elemica. "Trace eliminates the time and stress of tracking shipments and enables your teams to increase the positive interactions with your customers." Elemica Trace uses shipment data, carrier signals, a geo-location interface, and predictive algorithms to identify shipments in

I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.

Besök vårt pressrum