More

    NIST Guidelines on Electronic Mail Security

    NIST Guidelines on Electronic Mail Security

    The popularity of e-mail makes it a prime target for attackers. This document addresses the security issues of mail servers and mail clients, including Web-based access to mail.

    Electronic mail is perhaps the most popularly used system for exchanging business
    information over the Internet (or any other computer network). At the most basic level,
    the email process can be divided into two principal components: (1) mail servers, which
    are hosts that deliver, forward, and store email; and (2) mail clients, which interface
    with users and allow users to read, compose, send, and store email. This document
    addresses the security issues of mail servers and mail clients, including Web-based
    access to mail.

    Mail servers and user workstations running mail clients are frequently targeted by
    attackers. Because the computing and networking technologies that underlie email are
    ubiquitous and well-understood by many, attackers are able to develop attack methods to
    exploit security weaknesses. Mail servers are also targeted because they (and public
    Web servers) must communicate to some degree with unreliable third parties.
    Additionally, mail clients have been targeted as an effective means of inserting
    malware into machines and of propagating this code to other machines. As a result, mail
    servers, mail clients, and the network infrastructure that supports them must be
    protected.

    The attached Zip file includes:

    • Intro Page.doc
    • Cover Sheet and Terms.pdf
    • Guidelines on Electronic Mail Security.pdf

    Latest Articles