M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms
SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.
In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails. The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.
"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending. Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.
Industry Collaboration Leads to IETF Internet Draft Header Specification
The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.
M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available. This will help protect against bots misusing the site's verification emails in an attack.
The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks. An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification. At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.
Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack. The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."
Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco. The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications
M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.
A complete member list is available at http://www.m3aawg.org/about/roster.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire
Följ NASDAQ OMX
Abonnera på våra pressmeddelanden.
Senaste pressmeddelandena från NASDAQ OMX
Navigators to Acquire Belgian Specialty Insurer18.12.2017 07:30 | Pressmeddelande
STAMFORD, CT, December 18, 2017 - The Navigators Group, Inc. (NASDAQ:NAVG) today announced that it has entered into a share purchase agreement for the purchase of all of the shares of Assurances Continentales - Continentale Verzekeringen NV ("ASCO") and Bracht, Deckers & Mackelbert NV ("BDM"). ASCO and BDM are both based in Antwerp, Belgium. The proposed acquisition is part of Navigators' strategy of expanding its well-established specialty insurance expertise to more brokers and insureds across Europe. ASCO is a specialty insurance company offering marine and property and casualty insurance. BDM is an insurance underwriting agency that underwrites risk coverage in niche markets on behalf of ASCO and a number of major international insurers. Additionally, as part of the transaction, Navigators will acquire all the shares of Canal Re SA, a Luxembourg reinsurance company that is a wholly-owned subsidiary of ASCO. The acquisition reinforces Navigators' presence in the European Un
Oxford Immunotec and QIAGEN N.V. Settle Patent Infringement Lawsuit15.12.2017 22:04 | Pressmeddelande
Agreement includes payment of $27.5 million to Oxford, royalty-free license to QIAGEN and dismissal of all pending litigation OXFORD, United Kingdom and MARLBOROUGH, Mass., Dec. 15, 2017 (GLOBE NEWSWIRE) -- Oxford Immunotec Ltd. (Nasdaq:OXFD) and QIAGEN N.V. (Nasdaq:QGEN) (Frankfurt Stock Exchange:QIA) announced today that they have reached a settlement in the lawsuit in the U.S. District Court for the District of Massachusetts in Boston (15-cv-13124-NMG) alleging patent infringement in relation to QIAGEN's QuantiFERON®-TB Gold and QuantiFERON®-TB Gold Plus products. Under terms of the agreement, all pending claims between Oxford and QIAGEN and the co-defendants have been resolved. As part of the settlement, Oxford has granted QIAGEN a royalty-free, non-exclusive license that extends to all current and future customers of QuantiFERON-TB Gold and QuantiFERON-TB Gold Plus in exchange for a one-time, lump-sum payment of $27.5 million. The settlement includes general
Algeco Scotsman Announces Acquisition of Iron Horse Ranch15.12.2017 21:32 | Pressmeddelande
BALTIMORE, Dec. 15, 2017 (GLOBE NEWSWIRE) -- Algeco/Scotsman Holding S.à r.l. (together with its subsidiaries, the "Algeco Group") today announced the successful closing of the acquisition by the Algeco Group's subsidiary, Target Logistics Management, LLC ("Target Logistics"), of Iron Horse Ranch from funds managed by TDR Capital LLP ("TDR"). The acquisition solidifies Target Logistics' position as the single largest provider of turnkey workforce housing in the U.S., including a network of eight lodges and 2,119 beds in the Permian Basin. With the acquisition, Target Logistics' Permian Basin lodge network now includes Texas lodges in Pecos, Mentone, San Angelo and two in Odessa, along with two lodges in Carlsbad and Lovington, New Mexico. Additionally, Target Logistics adds Eagle Ford lodges in Cameron and Yorktown, Texas. Diarmuid Cummins, CEO Algeco Scotsman: "Today we announce the completion of the second of two strategic acquisitions which we flagged earlier
Repurchase of own shares in Momentum Group AB (publ)15.12.2017 15:25 | Pressmeddelande
In accordance with the authorisation issued by the Extraordinary General Meeting of Shareholders held on 28 November 2017, Momentum Group AB (publ) has repurchased 28,800 Class B shares at an average price of SEK 103.34 per share. After the repurchase, Momentum Group AB's current holding of treasury shares amounts to 28,800 Class B shares, corresponding to 0.1 percent of the total number of shares and 0.1 percent of the total number of votes. The total number of shares in Momentum Group AB, including those held by the Company, amounts to 28,265,416, of which 1,062,436 are Class A shares and 27,202,980 are Class B shares. The total number of votes in Momentum Group AB is 37,827,340. Stockholm, 15 December 2017 Momentum Group AB (publ) For further information, please contact: Mats Karlqvist, Head of Investor Relations - Tel: +46 70 660 31 32 This information was submitted for publication on 15 December 201
Återköp av egna aktier i Momentum Group AB (publ)15.12.2017 15:25 | Pressmeddelande
I enlighet med bemyndigandet från den extra bolagsstämman den 28 november 2017 har Momentum Group AB (publ) återköpt 28 800 aktier av serie B till en genomsnittskurs av 103,34 SEK per aktie. Momentum Group ABs aktuella innehav av egna aktier efter återköpet uppgår till 28 800 aktier av serie B, vilket motsvarar 0,1 procent av totalt antal aktier och 0,1 procent av totalt antal röster. Det totala antalet aktier i Momentum Group AB, inklusive de av bolaget ägda aktierna, uppgår till 28 265 416 st, av vilka 1 062 436 är aktier av serie A och 27 202 980 är aktier av serie B. Det totala antalet röster i Momentum Group AB är 37 827 340. Stockholm den 15 december 2017 Momentum Group AB (publ) För ytterligare information vänligen kontakta: Mats Karlqvist, Head of Investor Relations - telefon 070-660 31 32 Informationen lämnades för offentliggörande den 15 december 2017 kl. 15:15 CET.
Elemica Named to Food Logistics Top 100 List15.12.2017 13:55 | Pressmeddelande
11th Consecutive Win for Delivering Value Across Clients' Supply Chains WAYNE, Pa., Dec. 15, 2017 (GLOBE NEWSWIRE) -- Elemica, the leading Business Network for the process industries, announces the company has been named to Food Logistics magazine's FL100+ Award for the 11th year. The FL100+ list recognizes leading software and technology providers in the food and beverage industry. Elemica was chosen for helping agricultural and food ingredient businesses conduct more efficient and error free commerce across their community of suppliers, customers and logistics providers - delivering value through lower operating expenses and working capital costs. "We are honored to be included for the past eleven years on the Food Logistics FL100+ list for helping companies improve efficiencies and generate value from their supply chains," said John Blyzinskyj, CEO of Elemica. "Automating business processes, enabling end-to-end visibility, and providing a platform for
I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.Besök vårt pressrum