Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

SP 800-177 Rev. 1 (DRAFT)

Trustworthy Email (2nd Draft)

Date Published: December 2017
Comments Due: January 31, 2018 (public comment period is CLOSED)
Email Questions to:


Scott Rose (NIST), Stephen Nightingale (NIST), Simson Garfinkel (U.S. Census Bureau), Ramaswamy Chandramouli (NIST)


Draft NIST Special Publication 800-177 Revision 1, Trustworthy Email, covers and gives recommendations for state of the art email security technologies to detect and prevent phishing and other malicious email messages. The guide was written for email administrators and for those developing security policies for an enterprise email infrastructure.

This second comment period for Revision 1 is to allow for comments on a newly included security recommendation dealing with mail confidentiality. This revision also includes more text on new email security protocols currently undergoing specification and finalization as IETF Draft Standards. Reviewers should pay particular attention to Sections 5.2 and 7.3, which has newly added material.



Email; Simple Mail Transfer Protocol (SMTP); Transport Layer Security (TLS); Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain based Message Authentication, Reporting and Conformance (DMARC); Domain Name System (DNS) Authentication of Named Entities (DANE); S/MIME
Control Families

None selected


Draft (2nd) SP 800-177 Rev. 1

Supplemental Material:
Comment template (xls)

Related NIST Publications:
SP 800-45 Version 2

Document History:
Draft SP 800-177 Rev. 1 (9/13/17)
Draft SP 800-177 Rev. 1 (12/15/17)


Security and Privacy
general security & privacy

communications & wireless