M3AAWG Issues Mobile Messaging Best Practices for Service Providers to Combat Increasing Text Spam
August 2014 by M3AAWG
Responding to the billions of spam text messages sent each year, the new M3AAWG Mobile Messaging Best Practices for Service Providers just released by the Messaging, Malware and Mobile Anti-Abuse Working Group offers industry guidelines to better protect end-users. The best practices are intended to improve operator security in an increasingly open, globally interconnected messaging environment.
Faced with escalating volumes of mobile spam as the cost to send text messages continues to fall, many service providers are looking for more effective defense techniques that are also compatible with global connectivity needs. The new document, released today at the M3AAWG India Anti-Abuse Working Group meeting in New Delhi, outlines the latest approaches to curbing text, mobile and application-to-person messaging abuse, including SMS, MMS and RCS services.
"As texting becomes less expensive and more accessible with Internet technologies like text-enabled landline accounts, we’re increasingly seeing criminals turning text spam into an illicit money-making machine at the expense of consumers. Mobile abuse is rising significantly. These new best practices incorporate a decade of experience in fighting email and mobile abuse in M3AAWG and outline techniques specific to mobile messaging that can help protect service providers’ networks from being exploited," said Alex Bobotek, M3AAWG Vice Chairman.
The best practices focus on three areas: service design practices, defensive strategies, and abuse detection and mitigation techniques. Key strategies to mitigate text message spam include making abuse less profitable, developing agile defenses and using diverse methods to increase the penetration resistance of an operator’s defenses.
Among other guidelines, the best practices recommend:
Preventing automatic account creation and requiring secure authentication, such as a government-issued identification, when opening new end-user accounts.
Limiting the number of messages new accounts can send at one time and monitoring the black market for the sale of bulk end-user accounts.
Monitoring and limiting spam endorsements (spamprogration), especially when an application sends invites or suggested downloads to end-users’ contact lists without their permission.
Providing user feedback options with a "This Is Spam" button, using the 7726 (spells "spam" on a mobile keyboard) reporting system or an alternative mechanism.
Participating in industry abuse information-sharing forums to stay current on the latest mobile messaging attack techniques.
The M3AAWG Mobile Messaging Best Practices for Service Providers are available from the M3AAWG website at www.m3aawg.org/mobilemessagi... or from the site’s Activities tab under the Published Documents section at http://www.m3aawg.org/published-doc....