Guidelines on Electronic Mail Security (Draft) - Special Publication 800-45A

GuidanceNational Institute of Standards and Technology (NIST)Information Security

Electronic mail (email) is perhaps the most popularly used system for exchanging business information over the Internet (or any other computer network). At the most basic level, the email process can be divided into two principal components: (1) mail servers, which are hosts that deliver, forward, and store mail; (2) clients which interface with users and allow users to read, compose, send, and store email messages. This document addresses the security issues of both mail servers and mail clients.

Mail servers and user workstations running mail clients are frequently targeted by attackers. Because the computing and networking technologies that underlie email are ubiquitous, it is well understood and attackers are able to develop attack methods to exploit the technology. Mail servers are also targeted because they (and public Web servers) must communicate to some degree with untrusted third parties. Additionally, email clients have been targeted as an effective means of inserting malware into machines and of propagating this code to other machines.

> Read entire regulation (log in required - registration is free)