Trustworthy Email

Recommendations & Guidelines

NIST has released a useful document that gives recommendations and guidelines for enhancing trust in email. It is particularly beneficial to enterprise email administrators, information security specialists, and network managers. The guideline was written for federal IT systems but is also useful for small to medium-sized organizations.

Several additional mechanisms can be used alongside the standard protocol for sending email, the Simple Mail Transfer Protocol (SMTP), to improve the security of email. These technologies include Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), Transport Layer Security (TLS), Secure/Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP).

This comprehensive guide provides advice on installing protocols and technologies that advance the trustworthiness of email. The information in the publication reduces the risk of email contents being revealed to unauthorized parties and limits the danger of spoofed emails being used as an attack vector. The information NIST provides covers both email senders and receivers.

The protocols explained in the guidebook draw on technologies beyond the core email systems and protocols. The guidebook describes how systems such as the Domain Name System (DNS), Public Key Infrastructure (PKI) and other core Internet protocols are used to implement security services for email.

