Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Trustworthy Email: NIST Publishes SP 800-177 Rev. 1

NIST announces the publication of NIST Special Publication 800-177 Revision 1, "Trustworthy Email."

The past forty years have seen both the worldwide adoption of email and the simultaneous rise of Internet-based crimes and threats. While the Internet’s underlying core email protocol—Simple Mail Transport Protocol (SMTP)—is still in use today, it is increasingly vulnerable to a wide range of attacks, content modification, and unauthorized surveillance. The augmentation of basic standards with spoofing and integrity protections, encryption, and authentication can help mitigate these threats and ensure that properly implemented email systems are sufficiently secure for government, financial, and medical communications.

NIST announces the publication of Special Publication (SP) 800-177 Revision 1, Trustworthy Email, which describes guidelines for enhancing trust in email and includes recommendations for deploying core SMTP and Domain Name Systems (DNS) authentication mechanisms. The document includes newly specified email protocol security additions, such as Mail Transfer Agent Strict Transport Security (MTA-STS) and Transport Layer Security (TLS) Reporting, as well as an email system FISMA overly developed to aid systems administrators in deploying email services that address relevant FISMA controls.

Released February 26, 2019, Updated March 1, 2019