NIST SPECIAL PUBLICATION 1800-6
Domain Name System-Based Electronic Mail Security¶
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B), and How-To Guides (C)
Scott Rose
William Barker
Santos Jha
Chinedum Irrechukwu
Karen Waltermire
This publication and its additional content is available free of charge from:
https://doi.org/10.6028/NIST.SP.1800-6
NIST SPECIAL PUBLICATION 1800-6
Domain Name System-Based Electronic Mail Security
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B), and How-To Guides (C)
Scott Rose
Information Technology Laboratory
National Cybersecurity Center of Excellence
William Barker
Dakota Consulting
Silver Spring, MD
Santos Jha
Chinedum Irrechukwu
The MITRE Corporation
McLean, VA
Karen Waltermire
National Cybersecurity Center of Excellence
National Institute of Standards and Technology
This publication and its additional content is available free of charge from:
https://doi.org/10.6028/NIST.SP.1800-6
January 2018
U.S. Department of Commerce
Wilbur L. Ross, Jr., Secretary
National Institute of Standards and Technology
Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology
- Volume B
- 1. Summary
- 2. How to Use This Guide
- 3. Approach
- 3.1. Audience
- 3.2. Scope
- 3.2.1. Transport Layer Security (TLS)
- 3.2.2. Domain Name System Security Extensions (DNSSEC)
- 3.2.3. DNS-Based Authentication of Named Entities (DANE)
- 3.2.4. Binding X.509 Certificates with DANE
- 3.2.5. Demonstration of Digital Signature and Encryption of Email
- 3.2.6. Demonstration of End-to-End Digital Signature of Mail
- 3.3. Assumptions
- 3.4. Risk Assessment
- 3.4.1. Threats
- 3.4.2. Vulnerabilities
- 3.4.3. Risk
- 3.4.4. Cybersecurity Framework Functions, Categories, and Subcategories Addressed by the Project
- 3.4.5. Cybersecurity References Directly Tied to Those Cybersecurity Framework Categories and Subcategories Addressed by the Project
- 3.4.6. Other Security References Applied in the Design and Development of the Project
- 3.5. Technologies
- 4. Architecture
- 5. Outcome
- 6. Security Characteristic Analysis
- 7. Future Build Considerations
- Volume C
- 1. Introduction
- 2. How to Install and Configure DNS-Protected Email Security Components
- 2.1. Laboratory Set-up
- 2.2. How to Install and Configure Microsoft Server-Based DNS-Protected Email Security Components
- 2.3. How to Install and Configure BIND
- 2.4. NSD4 Requirements, Installation, Setup, and Configuration Components
- 2.5. How to Install and Configure OpenDNSSEC
- 2.6. Unbound
- 2.7. How to Install and Configure a DNS Signer Platform
- 2.8. How to Install and Configure a DNS Authority Platform
- 2.9. How to Install and Configure a DNS Cache
- 2.10. How to Install and Configure a Dovecot/Postfix Mail Transfer Agent
- 2.11. How to Install and Configure a Thunderbird Mail Client
- 2.11.1. Thunderbird Installation Basics and System Requirements
- 2.11.2. Thunderbird Installation and Configuration on Windows
- 2.11.3. Thunderbird Installation and Configuration on Linux
- 2.11.4. Thunderbird Installation and Configuration on Mac
- 2.11.5. Thunderbird Configuration for use with Microsoft Exchange
- 2.11.6. Thunderbird Configuration for use with Dovecot/Postfix
- 2.11.7. Thunderbird Support
- 3. Device Configuration and Operating Recommendations