Firms Unite To Fight COVID-19 Spam

A group of major firms, including Google, Verizon and Comcast, has formed an initiative to fight COVID-19-related spam.

M3AAWG (Messaging Malware Mobile Anti-Abuse Working Group), the organizer of the initiative, has called on the industry to “take further steps to authenticate and secure their sending domains and email addresses by deploying email authentication at scale and at enforcement.”

It adds: “Preventing rampant phishing, emboldened and bolstered by the global pandemic, should be the top priority for domain owners."

Specifically, M3AAWG is calling on firms to: 

  • Publish SPF records with at least ~all, or -all if the domain does not send email
  • Sign all mail with aligned DKIM
  • Publish DMARC policies for organizational domains — even non-sending ones — at enforcement: using at least p=quarantine, although p=reject is preferable, across the entire domain and all subdomains without exception 

“The pandemic has provided air cover and new lures for bad actors to harness the collective anxiety, fear and social isolation the world’s sheltering in place societies are experiencing,” M3AAWG states.

Verizon Media writes: “As a 15-year member of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), we believe that just like solving the pandemic crisis itself requires collaboration and cooperation, we need to work together as email service providers, mailbox providers, security vendors, and industry organizations to protect those targeted institutions and consumers.”

Google states: “While many of the defenses in Gmail leverage our technology and scale, we recognize that email as a whole is a large and complex network. This is why we’re working not just to keep Gmail safe, but to help keep the entire ecosystem secure.” 

Gmail recommends senders “adopt DMARC to help prevent spam and abuse. DMARC uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to help ensure that platforms receiving your email have a way to know that it originally came from your systems,” Google adds.

M3AAWG notes that reports began to surface in April that phishing had risen 14,000% as bad actors used the coronavirus as a lure.

The working group has more than 200 members.

Next story loading loading..