GlobeNewswire

M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms

Dela

SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.

In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails.  The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.

"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending.  Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.

Industry Collaboration Leads to IETF Internet Draft Header Specification

The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.

M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available.  This will help protect against bots misusing the site's verification emails in an attack.  

The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks.  An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification.  At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.

Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack.  The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."

Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco.  The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.

A complete member list is available at http://www.m3aawg.org/about/roster.




This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire

Om

GlobeNewswire



Följ GlobeNewswire

Abonnera på våra pressmeddelanden.

Senaste pressmeddelandena från GlobeNewswire

Immunicum AB (publ) Announces Upcoming Investor Events in January22.1.2019 08:30Pressmeddelande

Press Release 22 January 2019 Immunicum AB (publ) Announces Upcoming Investor Events in January Immunicum AB (publ; IMMU.ST) announced today that Carlos de Sousa, CEO of Immunicum, and other members of the management team will present at upcoming investor conferences in January. Biomed Investor Event by Invest Securities Date: January 22, 2019 Venue: Les Salons Hoche, 9 Avenue Hoche, Paris, France Redeye Fight Cancer Seminar Date: January 22, 2019 Presentation Time: 11.15 am CET Panel: 11.25 am CET Venue: Master Samuelsgatan 42, Stockholm, Sweden Aktiespararna - Stora Aktiedagen Date: January 29, 2019 Presentation Time: 8.30 - 9.00 am CET Panel: "Samtal om cancerbekämpning", 10:50 am CET Venue: Medicon Village, Scheelevägen 2, Lund, Sweden For more information, please contact: Carlos de Sousa, CEO, Immunicum Telephone: +46 (0) 31 41 50 52 E-mail: info@immunicum.com Michaela Gertz, CFO, Immunicum Telephone: +46 70 926 17 75 E-mail: ir@immunicum.com Media Relations Gretchen Schweitzer an

Immunicum AB (publ) meddelar idag kommande presentationstillfällen under januari22.1.2019 08:30Pressmeddelande

Pressmeddelande 22 januari 2019 Immunicum AB (publ) meddelar idag kommande presentationstillfällen under januari Immunicum AB (publ; IMMU.ST) meddelar idag att Immunicums VD, Carlos de Sousa och andra medlemmar av ledningsgruppen kommer presentera vid följande investerarevent under januari. Biomed Investor Event by Invest Securities Datum: 22 januari 2019 Plats: Les Salons Hoche, 9 Avenue Hoche, Paris, France RedEye Fight Cancer Seminar Datum: 22 januari 2019 Presentationstid: 11.15 am CET Panel: 11.25 am CET Plats: Master Samuelsgatan 42, Stockholm, Sweden Aktiespararna - Stora Aktiedagen Datum: 29 januari 2019 Presentationstid: 8.30 - 9.00 am CET Panel: "Samtal om cancerbekämpning", 10:50 am CET Plats: Medicon Village, Scheelevägen 2, Lund, Sweden För ytterligare information kontakta: Carlos de Sousa, VD, Immunicum Telefon: +46 (0) 31 41 50 52 E-post: info@immunicum.com Michaela Gertz, Finanschef, Immunicum Telefon: +46 (0) 70 926 17 75 E-post: ir@immunicum.com Media Relations Gretch

Immunicum AB (publ) meddelar att resultaten från den kliniska fas I/II-studien med ilixadencel vid långt framskriden levercancer publicerats i Frontiers in Oncology21.1.2019 08:30Pressmeddelande

Pressmeddelande 21 januari 2019 Immunicum AB (publ) meddelar att resultaten från den kliniska fas I/II-studien med ilixadencel vid långt framskriden levercancer publicerats i Frontiers in Oncology Immunicum AB (publ; IMMU.ST) meddelar idag att den slutliga analysen av data från den undersökande kliniska studien med ilixadencel hos patienter med långt framskriden levercancer har publicerats i tidskriften, Frontiers in Oncology . Dessa data bekräftar de tidigare meddelade positiva egenskaperna gällande säkerhet och tolerabilitet för ilixadencel, både när det ges som enda behandling och i kombination med första linjens standardbehandling, sorafenib. Dessutom påvisades ökade nivåer av tumörspecifika CD8+ T-celler i cirkulerande blod för en majoritet av de utvärderbara patienterna, vilket indikerar ett systemiskt immunologiskt svar. De fullständiga resultaten ger ytterligare insikter om ilixadencels verkningsmekanism, tecken på klinisk effekt samt viktig information som kommer att vara vägl

Immunicum AB (publ) Announces Publication of Phase I/II Clinical Trial Results of Ilixadencel in Advanced Hepatocellular Carcinoma in Frontiers in Oncology21.1.2019 08:30Pressmeddelande

Press Release 21 January 2019 Immunicum AB (publ) Announces Publication of Phase I/II Clinical Trial Results of Ilixadencel in Advanced Hepatocellular Carcinoma in Frontiers in Oncology Immunicum AB (publ; IMMU.ST) announced today that the final data analysis from the exploratory clinical study of ilixadencel in patients with advanced hepatocellular carcinoma (HCC) has been published in the journal, Frontiers in Oncology . The data confirms previously communicated positive safety and tolerability of ilixadencel when administered both alone and in combination with current first-line standard of care, sorafenib. In addition, the data demonstrate an increased frequency of tumor-specific CD8+ T cells in circulating blood for a majority of evaluable patients, indicating a systemic immune response. The complete results provide further insight on ilixadencel's mode of action, signs of clinical activity and important information that will guide the next stage of clinical development. As commun

Karolinska Development's portfolio company Modus Therapeutics completes enrollment in Phase II study with sevuparin7.1.2019 12:00Pressmeddelande

STOCKHOLM, January 7, 2019. Karolinska Development's portfolio company Modus Therapeutics announces that the patient enrollment has been completed in the Phase II study with sevuparin in patients with sickle cell disease (SCD). The results from the study is expected in mid 2019. Modus Therapeutic's randomized, double blind study contains 140 SCD-patients with Acute Vaso Occlusive Crisis (VOC). It compares intravenously administered sevuparin with placebo. The primary endpoint of the study is the demonstration of a reduced time to resolution of patient's VOC. Clincal sites across Europe and the Middle East took part in the study that was conducted in conjunction with Modus Therapeutics' co development partner Ergomed. SCD has a high unmet medical need as there are currently no approved therapies for VOCs. It is an inherited blood disorder that affects between 90,000 to 100,000 patients in the U.S. and is characterized by severely painful VOCs that lead to organ damage due to a lack of o

Karolinska Development's portfolio company Modus Therapeutics completes enrollment in Phase II study with sevuparin7.1.2019 12:00Pressmeddelande

STOCKHOLM, January 7, 2019. Karolinska Development's portfolio company Modus Therapeutics announces that the patient enrollment has been completed in the Phase II study with sevuparin in patients with sickle cell disease (SCD). The results from the study is expected in mid 2019. Modus Therapeutic's randomized, double blind study contains 140 SCD-patients with Acute Vaso Occlusive Crisis (VOC). It compares intravenously administered sevuparin with placebo. The primary endpoint of the study is the demonstration of a reduced time to resolution of patient's VOC. Clincal sites across Europe and the Middle East took part in the study that was conducted in conjunction with Modus Therapeutics' co development partner Ergomed. SCD has a high unmet medical need as there are currently no approved therapies for VOCs. It is an inherited blood disorder that affects between 90,000 to 100,000 patients in the U.S. and is characterized by severely painful VOCs that lead to organ damage due to a lack of o

I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.

Besök vårt pressrum