NIST Guidelines on Electronic Mail Security

NIST Guidelines on Electronic Mail Security

The popularity of e-mail makes it a prime target for attackers. This document addresses the security issues of mail servers and mail clients, including Web-based access to mail.

Electronic mail is perhaps the most popularly used system for exchanging business
information over the Internet (or any other computer network). At the most basic level,
the email process can be divided into two principal components: (1) mail servers, which
are hosts that deliver, forward, and store email; and (2) mail clients, which interface
with users and allow users to read, compose, send, and store email. This document
addresses the security issues of mail servers and mail clients, including Web-based
access to mail.

Mail servers and user workstations running mail clients are frequently targeted by
attackers. Because the computing and networking technologies that underlie email are
ubiquitous and well-understood by many, attackers are able to develop attack methods to
exploit security weaknesses. Mail servers are also targeted because they (and public
Web servers) must communicate to some degree with unreliable third parties.
Additionally, mail clients have been targeted as an effective means of inserting
malware into machines and of propagating this code to other machines. As a result, mail
servers, mail clients, and the network infrastructure that supports them must be
protected.

The attached Zip file includes:

• Intro Page.doc
• Cover Sheet and Terms.pdf
• Guidelines on Electronic Mail Security.pdf