The International Telecommunications Union, or ITU, is a specialized agency of the United Nations created to deal with matters related to various forms of communication technology. As you might expect, current and future secure email standards fall squarely within its remit.

The Union was created in 1865 as the International Telegraph Union, and is ‘committed to connecting all the world’s people – wherever they live and whatever their means. It is dedicated to protecting and supporting everyone’s right to communicate and plays a key role in setting global standards for communications security.

So, let’s take a closer look at ITU’s standards for secure email services.

About ITU Standards

You probably encounter ITU email and cybersecurity standards daily without realizing it. These standards are often hidden or barely perceptible but form an integral part in enabling safe and secure communication between devices, people, and organizations worldwide. The standards provide developers with a stable global market, which allows for the creation of tools and applications that benefit end users by keeping costs down and boosting functionality.

It is estimated that around 95% of all email traffic runs on networks conforming to ITU standards. These include standards that define the Terabit-capable Optical Transport Network as well as other advanced broadband networks and access technology (this includes 40-Gigabit-capable Fiber).

In addition, more than 50 cities around the world are measuring their progress in meeting IT standards, and building collaboration between developers and city leaders.

ITU Secure Email Services Standards

One of the key ITU areas of focus is spam. Recommendation X.1241 provides a technical framework for countering email spam, describing an anti-spam processing domain’s recommended structure and defining the function of the major modules in it. In addition, the framework aims to establish a mechanism for sharing information about email spam between different email servers. This would then allow for improved efficiency through a greater degree of interconnection.

Recommendation X.805 defines the framework for achieving end-to-end security of distributed applications. This applies to all applications, even though the vulnerabilities and the measures to counter them may vary according to the needs of an application.

Recommendation X.805 focuses on privacy and data confidentiality, including the protection of the identity of users and activities performed by them, as well as protection against unauthorized access to data contents. The methods for achieving these levels of security include encryption, access control lists, and file permissions.

Authentication is defined by ITU as ‘the provision of proof that the claimed identity of an entity is true.’ Entities here include not only human users but also devices, services, and applications.’ They go on to say that authentication also ‘provides assurance that an entity is not attempting a masquerade or an unauthorized replay of a previous communication.’ This is all covered in a range of standards recommendations, including F.500, F.851, F.852, H.235, and J.160, amongst others.

How the Standards Are Created

Most standardization work is driven by private-sector members, with key players coming together to develop voluntary international standards. These are designed to meet the needs of the existing industry, as well as accommodate growth and innovation. More than 300 ITU standards are released annually across the board, all based on the principle that all voices are heard and that no standards shall be created to favor particular commercial interests. This includes participation from all 193 member states, more than 700 private sector bodies, and 150 academic or research institutes.