New M3AAWG Documents About Blocklists and Compromised User IDs

Return Path is a Sponsor-level member of M3AAWG, the Messaging, Malware, and Mobile Anti-Abuse Working Group. As M3AAWG members, we are committed to collaborating with others in the industry to produce best practices documents to help organizations prevent network abuse. Recently, M3AAWG published two documents that we wanted to highlight.

The first document, “Help – I’m On A Blocklist”, is valuable to anyone who runs an email system, whether for email marketing, corporate mail, or consumers.

Nearly all email systems at some point have delivery issues because their sending IPs or domains are included on a blocklist. This includes Email Sender Providers and network operators. Depending on where mail is blocked, these listings can trigger a panic reaction inside the blocked company. Therefore, understanding the established procedures defining how to triage and respond to the situation is important to ensure a timely and effective resolution. This document specifically addresses delivery failures due to active blocks placed against a sender’s IP address or domain.

The second document, titled “M3AAWG Compromised User ID Best Practices”, will be of particular interest to our mailbox provider partners.

This M3AAWG best practices document is focused on addressing problems associated with compromised user accounts. In order to address the problem, it is important to define what a compromised user account is and how user accounts become compromised. This document discusses mitigation techniques and ways of identifying compromised accounts. Rounding out the document is a set of recommendations to ensure the long-term security of accounts to prevent “re-compromise.”

This document is intended for operations staff involved in the creation and management of end user accounts, as well as for abuse-desk personnel who deal with the repercussions of compromised end user accounts.

Special thanks to my colleagues at M3AAWG for the many hours they contributed to this work. We highly recommend utilizing these documents to manage a more secure email ecosystem.

For more information, email eig-blog at returnpath dot com.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time