US National Institute of Standards and Technology releases draft guide on DNS-based security for e-mail
The US National Cybersecurity Centre of Excellence at the National Institute of Standards and Technology has published a draft Cybersecurity Practice Guide on ‘Domain Name Systems-Based Electronic Mail Security’. The draft, which is open for public comment until 19 December, looks at how commercially available technologies can meet organisations’ needs to improve email security and defend against email-based attacks such as phishing and man-in-the-middle attacks. The guide also describes a security platform which includes authentication of mail servers, signing and encryption of e-mail, and binding cryptographic key certificated to the servers. The platform make use of the Domain Name System Security Extension (DNSSEC) protocol, which is used to authenticate server addresses and certificates used for Transport Layer Security (TLS) to DNS names.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.