This week I’ve been attending the beautiful city of Paris for the M3AAWG Conference, which is a gathering of industry experts to combat the problems of abuse in messaging, mobile and malware.
I’ve been attending M3AAWG conferences for over 10 years, and a few things strike me about what has changed over the years.
Firstly the attendance has become much more international – I’ve met attendees this week from as far afield as Ghana and Japan as well as the expected attendees from Europe and the USA. Secondly, it’s fascinating to see how the topics that are being discussed have changed compared to 10 years ago – M3AAWG has helped to drive a lot of progress in the industry, and whilst “spam” hasn’t been solved per-se, it’s not a main focus of the conference anymore; instead diverse topics such as combatting phishing, analysing DDoS attacks using honeypots, and mechanisms for communicating SMTP transport encryption policy are among the sessions that I’ve attended this week, which reflect the changing priorities and issues affecting the community. There is even a whole subgroup addressing the problems of robocalling in the telephony world, as well groups reflecting the large number of ESPs who attend the conferences (ESPs send bulk emails on behalf of companies).
However it’s also interesting to see what has not changed in those years; malware is still a hot-topic, and the rise of ransomware provided the basis of a fascinating talk on how ransomware authors manage to deliver and obfuscate their payloads; sessions on honeypots, abuse reporting handling, and rate-limiting senders were all topics that could easily have fitted into a M3AAWG conference of ten years ago.
What hasn’t changed however is the dedication of hundreds of attendees in fighting abuse and protecting end-users from the criminals who attempt to steal their data, abuse their credentials, and disrupt their services.
Long may they continue to do so.