Besides more capacity and faster connections, 5G is expected to provide ultra-reliable services, for example, for machine-to-machine communications. In this paper, we advocate that 5G must do its best to eliminate malicious traffic as a cause of failure of legitimate services. This paper proposes that all communications in 5G should be controlled by policy. The policies facilitate cooperation of customer networks against misbehaving actors and collecting evidence of malicious activity. Dynamic policies can react to hosts that are used in attacks. We propose a system controlled by policy that overcomes the classical weaknesses in the Internet, namely source address spoofing and denial of service attacks. We propose to improve the mobile device experience by new methods of network address translator traversal suitable for battery-powered mobile devices. We believe that 5G will be the major driver for the future Internet, which is why we relate our approach to other proposals for future Internet architecture. Our approach can be deployed one network at a time as it limits the changes to edge nodes; no compulsory changes are proposed to hosts. The paper reports the experience from experimentation and evaluates scalability and security including initial results on performance. © 2015 The Authors. Security and Communication Networks published by John Wiley & Sons, Ltd.