Skip to content
arrow_back
policyASD ISM

Guidelines for email

26 controls in this part of theASD ISM. Each control links to plain-English guidance, audit tips and cross-framework mappings.

Email gateways and servers

ISM-0567
Restrict Email Relay to Specific Domains
ISM-0569
Centralise Email Routing via Gateways
ISM-0570
Maintain Backup Email Gateways to Primary Standards
ISM-0571
Ensure Secure Email Transmission via Gateways
ISM-0572
Enable Opportunistic TLS for Email Server Encryption
ISM-0574
Use SPF to Authorise Email Servers
ISM-0861
Enable DKIM Signing for Organisational Emails
ISM-1024
Verify Senders for Email Failure Notifications
ISM-1026
Verification of DKIM Signatures on Incoming Emails
ISM-1027
Configure Email Distribution Lists to Preserve DKIM Signatures
ISM-1151
Verify Email Authenticity Using SPF
ISM-1183
Implement Hard Fail SPF Records for Email Security
ISM-1234
Protect Email Systems with Content Filtering
ISM-1502
Ensure Multi-factor Authentication for Online Services
ISM-1540
Configuring DMARC for Email Security
ISM-1589
Enable MTA-STS for Secure Email Transport
ISM-1799
Enforce Email Rejection for Failed DMARC Checks

Email usage

Back to the full Australian Government Information Security Manual control list, or browse the complete control library.