2.5 MB | 3 files | PDF
This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations.
Email is a core application of computer networking and has been such since the early days of internet development. In those early days, networking was a collegial, research-oriented enterprise. Security was not a consideration. The past forty years have seen diversity in applications deployed on the internet, and worldwide adoption of email by research organizations, governments, militaries, businesses and individuals. At the same time there has been an associated increase in (internet-based) criminal and nuisance threats.
The internet’s underlying core email protocol, Simple Mail Transport Protocol (SMTP), was adopted in 1982 and is still deployed and operated today. However, this protocol is susceptible to a wide range of attacks including man-in-the-middle content modification and content surveillance. The basic standards have been modified and augmented over the years with adaptations that mitigate some of these threats. With spoofing protection, integrity protection, encryption and authentication, properly implemented email systems can be regarded as sufficiently secure for government, financial and medical communications.
The National Institute of Standards and Technology (NIST) has released a new publication entitled "Trustworthy Email." This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will also be useful for small or medium sized organizations. Technologies recommended in support of core Simple Mail Transfer Protocol (SMTP) and the Domain Name System (DNS) include mechanisms for authenticating a sending domain: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain based Message Authentication, Reporting and Conformance (DMARC). Recommendations for email transmission security include Transport Layer Security (TLS) and associated certificate authentication protocols. Recommendations for email content security include the encryption and authentication of message content using S/MIME (Secure/Multipurpose Internet Mail Extensions) and associated certificate and key distribution protocols.
The attached zip file includes:
Chapter 2 focuses on answering questions faced by individuals interested in using storage or database technologies to solve their Big Data problems. ... More >>
This Microsoft PowerPoint 2016 Quick Reference covers the basics screen layout, fundamentals of using the program and working with slides, keyboard shortcuts, formatting, transitions and working with images and multimedia files. ... More >>
This excerpt focuses on the conceptual aspects of defect management, including the basic concepts of a defect, how to manage defects, and an analysis of the root causes of defects. ... More >>