Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Trustworthy Email: NIST Publishes SP 800-177 Rev. 1

NIST announces the publication of NIST Special Publication 800-177 Revision 1, "Trustworthy Email."

The past forty years have seen both the worldwide adoption of email and the simultaneous rise of Internet-based crimes and threats. While the Internet’s underlying core email protocol—Simple Mail Transport Protocol (SMTP)—is still in use today, it is increasingly vulnerable to a wide range of attacks, content modification, and unauthorized surveillance. The augmentation of basic standards with spoofing and integrity protections, encryption, and authentication can help mitigate these threats and ensure that properly implemented email systems are sufficiently secure for government, financial, and medical communications.

NIST announces the publication of Special Publication (SP) 800-177 Revision 1, Trustworthy Email, which describes guidelines for enhancing trust in email and includes recommendations for deploying core SMTP and Domain Name Systems (DNS) authentication mechanisms. The document includes newly specified email protocol security additions, such as Mail Transfer Agent Strict Transport Security (MTA-STS) and Transport Layer Security (TLS) Reporting, as well as an email system FISMA overly developed to aid systems administrators in deploying email services that address relevant FISMA controls.

Released February 26, 2019, Updated March 1, 2019