GlobeNewswire

M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms

Dela

SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.

In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails.  The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.

"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending.  Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.

Industry Collaboration Leads to IETF Internet Draft Header Specification

The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.

M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available.  This will help protect against bots misusing the site's verification emails in an attack.  

The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks.  An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification.  At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.

Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack.  The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."

Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco.  The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.

A complete member list is available at http://www.m3aawg.org/about/roster.




This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire

Om

GlobeNewswire



Följ GlobeNewswire

Abonnera på våra pressmeddelanden. Endast mejladress behövs och den används bara här. Du kan avanmäla dig när som helst.

Senaste pressmeddelandena från GlobeNewswire

Karolinska Development delays publication of its Annual Report for 2018 and changes date for the Annual General Meeting26.4.2019 08:00:00 CESTPressmeddelande

STOCKHOLM, SWEDEN - 26 April 2019. Karolinska Development AB (Nasdaq Stockholm: KDEV) announces today that The Board of Directors has decided to delay the publication of its Annual Report for 2018. Karolinska Development has changed the date for the Annual General Meeting to June 26, 2019. The date for publication of the Annual Report for 2018 has been changed from April 26 to April 30, 2019. Karolinska Development has changed the date for the Annual General Meeting from June 4 to June 26, 2019. Notice to the Annual General Meeting will be published in a separate press release. For more information, please contact: Viktor Drvota, CEO, Karolinska Development AB Phone: +46 73 982 52 02, e-mail: viktor.drvota@karolinskadevelopment.com Fredrik Järrsten, CFO, Karolinska Development AB Phone: +46 70 496 46 28, e-mail: fredrik.jarrsten@karolinskadevelopment.com TO THE EDITORS About Karolinska Development AB Karolinska Development AB (Nasdaq Stockholm: KDEV) is a Nordic life sciences investmen

Karolinska Development senarelägger publicering av årsredovisningen för 2018 och meddelar nytt datum för årsstämma26.4.2019 08:00:00 CESTPressmeddelande

STOCKHOLM, SVERIGE - 26 april 2019. Karolinska Development AB (Nasdaq Stockholm: KDEV) meddelar idag att styrelsen har beslutat att senarelägga publiceringen av årsredovisningen för 2018. Karolinska Development har ändrat datum för årsstämman till den 26 juni 2019. Publiceringen av årsredovisningen för 2018 flyttas från den 26 april till den 30 april 2019. Karolinska Development har ändrat datum för årsstämman från den 4 juni till den 26 juni 2019. Kallelse till årsstämman kommer att publiceras senare i ett separat pressmeddelande. För ytterligare information, vänligen kontakta: Viktor Drvota, vd, Karolinska Development AB Tel: +46 73 982 52 02, e-mail: viktor.drvota@karolinskadevelopment.com Fredrik Järrsten, finanschef, Karolinska Development AB Tel: +46 70 496 46 28, e-mail: fredrik.jarrsten@karolinskadevelopment.com TILL REDAKTÖRERNA Om Karolinska Development AB Karolinska Development AB (Nasdaq Stockholm: KDEV) är ett nordiskt investmentbolag inom life science. Bolaget fokuserar p

Karolinska Developments portföljbolag Aprea Therapeutics har fått särläkemedelsstatus och snabbspårstatus från FDA för APR-24616.4.2019 12:46:00 CESTPressmeddelande

STOCKHOLM, SVERIGE - 16 april 2019. Karolinska Development AB meddelar idag att portföljbolaget Aprea Therapeutics har av FDA fått särläkemedelsstatus för APR-246 för behandling av patienter med TP53-muterad myelodysplastiskt syndrom (MDS). Dessutom ger FDA bolaget snabbspårstatus (Fast Track Designation), för APR-246 för behandling av MDS. Amerikanska läkemedelsverket, FDA, ger särläkemedelsstatus till läkemedelskandidater för att snabba på utvärderingen och utvecklingen av säkra och effektiva behandlingar av ovanliga sjukdomar. Särläkemedelsstatus ger företag både regulatoriska och kommersiella incitament genom att läkemedlet får marknadsexklusivitet på den amerikanska marknaden i sju år efter marknadsgodkännande samtidigt som företaget får stöd från FDA när det gäller designen av kliniska prövningar, skatteförmåner för kostnader kopplade till kliniska prövningar och avgiftsbefrielse från FDA. FDA:s snabbspår underlättar utvecklingen av läkemedel som är avsedda för att behandla allva

Karolinska Development's portfolio company Aprea Therapeutics has received FDA Orphan Drug Designation and Fast Track Designation for APR-24616.4.2019 12:46:00 CESTPressmeddelande

STOCKHOLM, April 16, 2019. Karolinska Development's portfolio company Aprea Therapeutics has from FDA received an Orphan Drug Designation for APR-246 for the treatment of patients with Myelodysplastic Syndromes (MDS) having a TP53 mutation. In addition, FDA has also granted Fast Track Designation to APR-246 for treatment of MDS. Orphan Drug Designation is granted by the FDA Office of Orphan Products Development to advance the evaluation and development of safe and effective therapies for the treatment of rare diseases. The designation can provide development and commercial incentives for designated compounds and medicines, including eligibility for a seven-year period of market exclusivity in the U.S. after product approval, FDA assistance in clinical trial design, tax credits related to clinical trial expenses, and an exemption from FDA user fees. The FDA's Fast Track program facilitates the development of drugs intended to treat serious conditions and that have the potential to addre

Bergman & Beving AB: Bergman & Beving förvärvar KGC10.4.2019 14:00:00 CESTPressmeddelande

Pressmeddelande Bergman & Beving förvärvar KGC Bergman & Beving har idag tecknat avtal om förvärv av samtliga aktier i KGC Verktyg & Maskiner AB. KGC, med säte i Älvsjö, har i mer än 60 år utvecklat och levererat kvalitetsverktyg och tillbehör för murning och plattsättning i det egna varumärket KGC. Bolaget omsätter cirka 80 MSEK per år, och har 24 anställda. "KGC är ett ledande varumärke med högt anseende hos murare och plattsättare och har en mycket stark ställning på den svenska marknaden", säger Pontus Boman, VD och koncernchef. Tillträde beräknas ske den 1 maj 2019 och förvärvet bedöms ha en marginellt positiv påverkan på Bergman & Bevings resultat per aktie under innevarande räkenskapsår. Stockholm den 10 april 2019 Bergman & Beving AB (publ) För ytterligare information kontakta: Pontus Boman, VD & Koncernchef, telefon 010-454 77 00 Peter Schön, CFO, telefon 070-339 89 99 Denna information lämnades, genom ovanstående kontaktpersoners försorg, för offentliggörande den 10 april 201

Bergman & Beving AB: Bergman & Beving acquires KGC10.4.2019 14:00:00 CESTPressmeddelande

Press release Bergman & Beving acquires KGC Bergman & Beving has today signed an agreement to acquire all shares in KGC Verktyg & Maskiner AB. KGC, based in Älvsjö, has for more than 60 years developed and delivered quality tools and accessories for bricklayers and tilers in its own brand KGC. The business has a turnover of approximately SEK 80 million per year, and has 24 employees. "KGC is a leading brand with high reputation among bricklayers and tilers and has a very strong position in the Swedish market," says Pontus Boman, President and CEO. The closing is taking effect on 1 May 2019 and the acquisition is expected to have a marginal positive impact on Bergman & Beving's earnings per share during the current fiscal year. Stockholm, 10 April 2019 Bergman & Beving AB (publ) For further information, please contact: Pontus Boman, President & CEO, Tel: +46 10 454 77 00 Peter Schön, CFO, Tel: +46 70 339 89 99 The information was submitted for publication, through the agency of the cont

I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.

Besök vårt pressrum