The National Institute for Standards and Technology announced the release of Special Publication (SP) 800-177 Rev. 1, Trustworthy Email today, which describes guidelines for enhancing trust in email and recommendations for the support of core Simple Mail Transfer Protocol (SMTP) and Domain Name Systems (DNS) through the use of authentication mechanisms. SMTP is an internet standard for email transmission
The publication includes newly specified email protocol additions, such as Mail Transfer Agent Strict Transport Security (MTA-STS) and Transport Layer Security (TLS) Reporting, as well as an email system.
SP 800-177 Rev. 1 lists recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers, NIST said in a release.
Guidance applies to federal IT systems and will also be useful for small or medium sized organizations, NIST advised. Technologies recommended in support of core SMTP and DNS include mechanisms for authenticating a sending domain: Sender Policy Framework (SPF), Domain Keys Identified Mail(DKIM) and Domain based Message Authentication, Reporting and Conformance (DMARC).
Recommendations for email transmission security include Transport Layer Security (TLS) and associated certificate authentication protocols. Recommendations for email content security include the encryption and authentication of message content using S/MIME (Secure/Multipurpose Internet Mail Extensions) and associated certificate and key distribution protocols.
SP 800-177 Rev. 1 supersedes SP 800-177 published in September 2016.
Publication: SP 800-177 Rev. 1 (DOI)
Supplemental Material:High Assurance Domains project (other)
Related NIST Publications: SP 800-45 Version 2
Authors: Scott Rose (NIST), Stephen Nightingale (NIST), Simson Garfinkel (U.S. Census Bureau), Ramaswamy Chandramouli (NIST)