Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines on Electronic Mail Security



Miles C. Tracy, Wayne Jansen, Scot Bisker


[Superseded by SP 800-45 Ver. 2 (February 2007):] Electronic mail (email) is perhaps the most popularly used system for exchanging information over the Internet. After Web servers, mail servers are often the most targeted and attacked hosts on an organization's network. Various types of mail content and attachments have also proven to be effective in introducing malicious code into a system through the email client. Thus, it is essential to secure mail servers and clients as well as the network infrastructure that supports them. This document has been developed to assist federal departments and agencies, state agencies, and commercial organizations in installing, configuring, and maintaining secure mail servers and mail clients . It presents generic security principles and covers details specific to the various components of a mail system. It also includes examples that address two of the more popular mail server applications running respectively on Unix and Microsoft Windows operating systems: sendmail and Exchange.
Special Publication (NIST SP) - 800-45
Report Number


email, mail client, mail server, security


Tracy, M. , Jansen, W. and Bisker, S. (2002), Guidelines on Electronic Mail Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed June 16, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created September 10, 2002, Updated October 12, 2021