In recent years the Internet Engineering Task Force (IETF) has been making a range of efforts to secure the email infrastructure and its use. Infrastructure protection includes source authentication by RFC 7208 Sender Policy Framework (SPF), message integrity authentication by RFC 6376 Domain Keys Identified Mail (DKIM), and domain owner feedback on the effectiveness of these methods by RFC 7489 Domain-based Message Authentication, Reporting and Conformance (DMARC).The High Assurance Domains (HAD) secure email project at NIST has been supporting the development of these initiatives by developing and deploying test infrastructure. This report describes our cumulative experiences with a test system for DMARC and its related protocols.
A complete and independent specification of the actions required to achieve a specific test purpose (or a specified combination of test purposes) , defined at the level of abstraction of a particular abstract test method. It may include a preamble and postamble to ensure starting and ending in a stable state (i.e.an identifiable stable state of the System Under Test which can be easily reached and maintained, such as the •idle* state or the *data transfer* state).This specification may involve one or more consecutive or concurrent connections.
Authority �is publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. �is guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in Circular A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in Circular A-130, Appendix III, Security of Federal Automated Information Resources. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. �is publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.