US National Institute of Standards and Technology releases draft guide on DNS-based security for e-mail

The US National Cybersecurity Centre of Excellence at  the National Institute of Standards and Technology has published a draft Cybersecurity Practice Guide on ‘Domain Name Systems-Based Electronic Mail Security’. The draft, which is open for public comment until 19 December, looks at how commercially available technologies can meet organisations’ needs to improve email security and defend against email-based attacks such as phishing and man-in-the-middle attacks. The guide also describes a security platform which includes authentication of mail servers, signing and encryption of e-mail, and binding cryptographic key certificated to the servers. The platform make use of the Domain Name System Security Extension (DNSSEC) protocol, which is used to authenticate server addresses and certificates used for Transport Layer Security (TLS) to DNS names.