NASDAQ OMX

M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms

Dela

SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.

In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails.  The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.

"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending.  Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.

Industry Collaboration Leads to IETF Internet Draft Header Specification

The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.

M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available.  This will help protect against bots misusing the site's verification emails in an attack.  

The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks.  An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification.  At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.

Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack.  The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."

Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco.  The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.

A complete member list is available at http://www.m3aawg.org/about/roster.




This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire

Om

NASDAQ OMX
NASDAQ OMX



Följ NASDAQ OMX

Abonnera på våra pressmeddelanden.

Senaste pressmeddelandena från NASDAQ OMX

CORRECTING and REPLACING -- PRESS ALERT & INVITATION: Arbitrade to Hold a Press Conference on June 28th From Bermuda - Its New Global Headquarters23.6.2018 14:00Pressmeddelande

NEW YORK, June 23, 2018 (GLOBE NEWSWIRE) -- In a press release issued under the same headline earlier today by Arbitrade, please note that the correct date of the event is Thursday, June 28, 2018 at 8:00 a.m. EDT. The corrected release follows: This is an invitation to all media following Arbitrade and/or covering the cryptocurrency markets. You are invited to join Arbitrade's Chairman, Len Schutzman, and management who will discuss their progress toward establishing Arbitrade as a world-class cryptocurrency exchange and coin company. They will also discuss their move and incorporation into Bermuda, one of the world's best regulated jurisdictions and a platform from which Arbitrade will reach out to several international markets. It will be a lively discussion that will also include details of the many economic and social advantages and new jobs that companies, like Arbitrade, will bring to countries in which they settle and do business around the world. Details of how to access the pr

15th Consecutive Nasdaq Closing Cross Sets Record for Number of Shares Traded During 2018 Russell US Indexes Reconstitution22.6.2018 23:19Pressmeddelande

NEW YORK, June 22, 2018 (GLOBE NEWSWIRE) -- Nasdaq (Nasdaq:NDAQ) today announced the Nasdaq Closing Cross had a record day as it was used for the 15th consecutive year to rebalance Nasdaq-listed securities in the entire family of Russell U.S. Indexes, part of leading global index provider FTSE Russell, during their annual reconstitution. A record 1.188 billion shares representing $39.26 billion were executed in the Closing Cross in 0.935 seconds across some 2,591 Nasdaq-listed stocks. This compares to 2017, when Nasdaq executed 972 million shares representing $28.9 billion executed in 0.861 seconds across 2,499 Nasdaq-listed stocks. "Today, we saw a record-breaking performance for the Nasdaq Closing Cross, which benefits issuers and investors alike with transparent and efficient price discovery," said Tom Wittman, Head of Global Equities and Executive Vice President of Global Trading and Market Services at Nasdaq. "The rebalance is an important event to ensure that the Russell U.S. ind

PRESS ALERT & INVITATION: Arbitrade to Hold a Press Conference on June 28th From Bermuda - Its New Global Headquarters22.6.2018 22:29Pressmeddelande

NEW YORK, June 22, 2018 (GLOBE NEWSWIRE) -- This is an invitation to all media following Arbitrade and/or covering the cryptocurrency markets. You are invited to join Arbitrade's Chairman, Len Schutzman, and management who will discuss their progress toward establishing Arbitrade as a world-class cryptocurrency exchange and coin company. They will also discuss their move and incorporation into Bermuda, one of the world's best regulated jurisdictions and a platform from which Arbitrade will reach out to several international markets. It will be a lively discussion that will also include details of the many economic and social advantages and new jobs that companies, like Arbitrade, will bring to countries in which they settle and do business around the world. Details of how to access the press briefing webcast are as follows: Please register now for the upcoming Arbitrade Conference Call: Date: Wednesday, June 27, 2018 Time: 8:00 a.m. EST We recommend that you connect to the meeting at l

Northland Power's Hai Long Offshore Wind Project Awarded Additional 744 Megawatts in Taiwan Auction22.6.2018 14:15Pressmeddelande

TORONTO, June 22, 2018 (GLOBE NEWSWIRE) -- Northland Power Inc. ("Northland") (TSX:NPI) today announced that the Taiwan Bureau of Energy ("BOE") has awarded 232 megawatts ("MW") to the Hai Long 2 offshore wind farm ("Hai Long 2") and 512 MW to the Hai Long 3 offshore wind farm ("Hai Long 3") under Taiwan's offshore wind auction program. These awards are separate from and in addition to the 300 MW in 2024 that Hai Long 2 was allocated by the Taiwan BOE on April 30, 2018 under Taiwan's Feed-in-Tariff ("FIT") program. Northland and its partner Yushan Energy Co. Ltd. ("Yushan Energy") own 60% and 40%, respectively, of Hai Long 2 and Hai Long 3. This is another significant step for Northland in Taiwan, with a second and third project progressing to connect to Taiwan's grid in 2025, subject to securing 20-year power purchase agreements. Taken together with the FIT award, the Hai Long 2 and Hai Long 3 offshore wind farms now total 1,044 MW of offshore wind capacity in Taiwan. Northland is bui

Williams Scotsman to Acquire ModSpace22.6.2018 13:09Pressmeddelande

Creates an industry-leading specialty rental services provider with over $1 billion of combined revenue and over 160,000 rental units across North America Leverages, and further strengthens, Williams Scotsman's scalable operating platform to capture an estimated $60 million of cost synergies Combines the best of both companies' go-to-market strategies, benefiting our customers and accelerating the expansion of Williams Scotsman's turnkey "Ready To Work" solutions across a broader asset base and enhanced branch network Total enterprise value of approximately $1.1 billion represents 6.6x ModSpace's Adjusted EBITDA for the twelve month period ended March 31, 2018, inclusive of forecast cost synergies and the expected value of acquired tax attributes1 ,2 BALTIMORE, June 22, 2018 (GLOBE NEWSWIRE) -- WillScot Corporation (NASDAQ:WSC) ("Williams Scotsman") the leading specialty rental services provider of innovative modular space and portable storage solutions across North America, today anno

GMAC Launches 'Study in China' Initiative in Partnership with 11 Leading Business Schools in China22.6.2018 06:01Pressmeddelande

BEIJING and HONG KONG, June 22, 2018 (GLOBE NEWSWIRE) -- On June 22, the Graduate Management Admission Council (GMAC) joins hands with 11 leading business schools in China to launch the "Study in China" initiative. This partnership marks the opening of an interactive platform for international students across 20 Belt and Road (B&R) regions to explore opportunities in China and to pursue higher education in business-related fields. The "Study in China" initiative aims to meet rapidly growing international student demand and to champion China as a world-class study destination and emerging global hub for business education. The "Study in China" online portal (www.studyinchinamba.com) officially launched today allows students to discover more about studying and living in China. The newly designed English-language website connects prospective students with partner business schools and offers access to an abundance of information to help find the perfect fit for their China education experi

I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.

Besök vårt pressrum