The past forty years have seen both the worldwide adoption of email and the simultaneous rise of Internet-based crimes and threats. While the Internet’s underlying core email protocol—Simple Mail Transport Protocol (SMTP)—is still in use today, it is increasingly vulnerable to a wide range of attacks, content modification, and unauthorized surveillance. The augmentation of basic standards with spoofing and integrity protections, encryption, and authentication can help mitigate these threats and ensure that properly implemented email systems are sufficiently secure for government, financial, and medical communications.
NIST announces the publication of Special Publication (SP) 800-177 Revision 1, Trustworthy Email, which describes guidelines for enhancing trust in email and includes recommendations for deploying core SMTP and Domain Name Systems (DNS) authentication mechanisms. The document includes newly specified email protocol security additions, such as Mail Transfer Agent Strict Transport Security (MTA-STS) and Transport Layer Security (TLS) Reporting, as well as an email system FISMA overly developed to aid systems administrators in deploying email services that address relevant FISMA controls.
