GlobeNewswire

M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms

Dela

SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.

In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails.  The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.

"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending.  Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.

Industry Collaboration Leads to IETF Internet Draft Header Specification

The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.

M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available.  This will help protect against bots misusing the site's verification emails in an attack.  

The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks.  An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification.  At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.

Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack.  The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."

Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco.  The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.

A complete member list is available at http://www.m3aawg.org/about/roster.




This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire

Om

GlobeNewswire



Följ GlobeNewswire

Abonnera på våra pressmeddelanden.

Senaste pressmeddelandena från GlobeNewswire

Immunicum AB (publ) Announces Upcoming Investor Events in October and November22.10.2018 16:00Pressmeddelande

Press Release 22 October 2018 Immunicum AB (publ) Announces Upcoming Investor Events in October and November Immunicum AB (publ; IMMU.ST) announced today that the Company will participate in and host investor events in October and November. At all events Carlos de Sousa, CEO of Immunicum, and other members of the management team, will provide a corporate presentation and be available for a question and answer session. BioStock Life Science Summit Date: October 25, 2018 Presentation Time: 18.50 Central European Time Venue: Medicon Village, Scheelevägen 2, Building 302-auditorium, Lund, Sweden Registration Link: https://www.eventbrite.com/e/biostock-life-science-summit-tickets-51114333347 Immunicum Investor Event - Gothenburg Date: October 29, 2018 Presentation Time: 17.30 - 20.00 Central European Time Venue: First Hotel G, Nils Ericsonplatsen, 411 03 Gothenburg, Sweden Immunicum Investor Event - Stockholm Date: October 30, 2018 Presentation Time: 17.30 - 20.00 Central European Time Venu

Immunicum AB (publ) meddelar kommande investerarevent under oktober och november22.10.2018 16:00Pressmeddelande

Pressmeddelande 22 oktober 2018 Immunicum AB (publ) meddelar kommande investerarevent under oktober och november Immunicum AB (publ; IMMU.ST) meddelar i dag att bolaget kommer att anordna och delta i investerarträffar under oktober och november. Vid samtliga event kommer Carlos de Sousa, Immunicums VD, och övriga medlemmar av ledningsgruppen, att hålla en presentation av bolaget och vara tillgängliga för att svara på frågor. BioStock Life Science Summit Datum: 25 oktober 2018 Presentationstid: Kl. 18.50 CET Plats: Medicon Village, Scheelevägen 2, byggnad 302 - hörsalen, Lund Länk för registrering: https://www.eventbrite.com/e/biostock-life-science-summit-tickets-51114333347 Immunicums investerarevent - Göteborg Datum: 29 oktober 2018 Presentationstid: Kl. 17.30 - 20.00 CET Plats: First Hotel G, Nils Ericsonplatsen, 411 03, Göteborg Immunicums investerarevent - Stockholm Datum: 30 oktober 2018 Presentationstid: Kl. 17.30 - 20.00 CET Plats: Ingenjörshuset Citykonferensen, Plan 1, Malmski

Immunicum AB (publ) presenterar prekliniska resultat för ilixadencel i kombination med checkpointhämmare och immunaktiverare på 2018 års ESMO-kongress22.10.2018 12:45Pressmeddelande

Pressmeddelande 22 oktober 2018 Immunicum AB (publ) presenterar prekliniska resultat för ilixadencel i kombination med checkpointhämmare och immunaktiverare på 2018 års ESMO-kongress -- Intratumoral behandling med ilixadencel, en cellbaserad, lagringsbar immunaktiverare, ger en synergistisk antitumöreffekt och förstärker effekten av behandling med anti-PD-1 och anti-CD137 i djurmodeller -- Immunicum AB (publ; IMMU.ST) presenterar under 2018 års ESMO kongress (European Society for Medical Oncology) prekliniska resultat som visar en synergistisk anti-tumöreffekt när bolagets ledande produkt ilixadencel ges i kombination med en checkpointhämmare eller immunaktiverare. Resultaten från studien, som presenteras på en poster, visar att intratumoralt administrerat ilixadencel kan förstärka anti-tumörsvar och överlevnad vid behandling med checkpointhämmare eller immunaktiverare. Detta visar på potentialen hos ilixadencel att bli en komplementerande verkningsmekanism till flera olika framtida im

Immunicum AB (publ) Presents Preclinical Results of Ilixadencel in Combination with Checkpoint Inhibitors and Immune Enhancers at ESMO 201822.10.2018 12:45Pressmeddelande

Press Release 22 October 2018 Immunicum AB (publ) Presents Preclinical Results of Ilixadencel in Combination with Checkpoint Inhibitors and Immune Enhancers at ESMO 2018 -- Intratumoral treatment with ilixadencel, an off-the-shelf cell-based immune primer, provides synergistic anti-tumor effect and enhances efficacy of anti-PD-1 and anti-CD137 treatment in animal model -- Immunicum AB (publ; IMMU.ST) announced today the presentation of preclinical results that showed anti-tumor synergy between its lead product ilixadencel and a checkpoint inhibitor or an immune enhancer in a poster at the European Society for Medical Oncology (ESMO) 2018 Congress. The results of the study highlight the ability of intratumoral ilixadencel to enhance anti-tumor response and survival of systemic checkpoint inhibitors (anti-PD-1) or immune enhancers (anti-CD137/4-1BB). This emphasizes the potential for ilixadencel in multiple future immuno-oncology combination strategies by incorporating complementary mech

Karolinska Development's portfolio company OssDsign announces FDA clearance for Cranioplug22.10.2018 09:00Pressmeddelande

STOCKHOLM, October 22, 2018. Karolinska Development's portfolio company OssDsign announces that its latest product Cranioplug has received 510(k) clearance by the FDA, which allows marketing and sales of the product in US. The implant is the first product of its kind in the US market. Cranioplug is an implant used during neurosurgical procedures. The product is intended to cover and plug holes drilled into the skull during surgery and to reattach cranial bone removed during surgery. Cranioplug resorbs and is replaced with bone during the healing process. Anders Lundqvist, CEO of OssDsign, said: "Receiving clearance for Cranioplug is an important step for OssDsign. This motivates us to increase our presence in the US market and continue to build our US organization throughout 2018 and beyond. The regenerative features of OssDsign's calcium phosphate composition are now getting recognized, and it's our mission to turn them into real benefits for patients, surgeons and hospital systems."

Karolinska Development's portfolio company OssDsign announces FDA clearance for Cranioplug22.10.2018 09:00Pressmeddelande

STOCKHOLM, October 22, 2018. Karolinska Development's portfolio company OssDsign announces that its latest product Cranioplug has received 510(k) clearance by the FDA, which allows marketing and sales of the product in US. The implant is the first product of its kind in the US market. Cranioplug is an implant used during neurosurgical procedures. The product is intended to cover and plug holes drilled into the skull during surgery and to reattach cranial bone removed during surgery. Cranioplug resorbs and is replaced with bone during the healing process. Anders Lundqvist, CEO of OssDsign, said: "Receiving clearance for Cranioplug is an important step for OssDsign. This motivates us to increase our presence in the US market and continue to build our US organization throughout 2018 and beyond. The regenerative features of OssDsign's calcium phosphate composition are now getting recognized, and it's our mission to turn them into real benefits for patients, surgeons and hospital systems."

I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.

Besök vårt pressrum