Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Trustworthy Email: NIST Publishes SP 800-177 Rev. 1
February 26, 2019

The past forty years have seen both the worldwide adoption of email and the simultaneous rise of Internet-based crimes and threats. While the Internet’s underlying core email protocol—Simple Mail Transport Protocol (SMTP)—is still in use today, it is increasingly vulnerable to a wide range of attacks, content modification, and unauthorized surveillance. The augmentation of basic standards with spoofing and integrity protections, encryption, and authentication can help mitigate these threats and ensure that properly implemented email systems are sufficiently secure for government, financial, and medical communications.

NIST announces the publication of Special Publication (SP) 800-177 Revision 1, Trustworthy Email, which describes guidelines for enhancing trust in email and includes recommendations for deploying core SMTP and Domain Name Systems (DNS) authentication mechanisms. The document includes newly specified email protocol security additions, such as Mail Transfer Agent Strict Transport Security (MTA-STS) and Transport Layer Security (TLS) Reporting, as well as an email system FISMA overly developed to aid systems administrators in deploying email services that address relevant FISMA controls.

Related Topics

Security and Privacy: trustworthiness

Technologies: email

Applications: communications & wireless

Created February 27, 2019, Updated June 22, 2020