U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

This is an archive
(replace .gov by .rip)

Trustworthy Email: NIST Publishes SP 800-177 Rev. 1
February 26, 2019

The past forty years have seen both the worldwide adoption of email and the simultaneous rise of Internet-based crimes and threats. While the Internet’s underlying core email protocol—Simple Mail Transport Protocol (SMTP)—is still in use today, it is increasingly vulnerable to a wide range of attacks, content modification, and unauthorized surveillance. The augmentation of basic standards with spoofing and integrity protections, encryption, and authentication can help mitigate these threats and ensure that properly implemented email systems are sufficiently secure for government, financial, and medical communications.

NIST announces the publication of Special Publication (SP) 800-177 Revision 1, Trustworthy Email, which describes guidelines for enhancing trust in email and includes recommendations for deploying core SMTP and Domain Name Systems (DNS) authentication mechanisms. The document includes newly specified email protocol security additions, such as Mail Transfer Agent Strict Transport Security (MTA-STS) and Transport Layer Security (TLS) Reporting, as well as an email system FISMA overly developed to aid systems administrators in deploying email services that address relevant FISMA controls.

Related Topics

Security and Privacy: trustworthiness

Technologies: email

Applications: communications & wireless

Created February 27, 2019, Updated June 22, 2020