Targeted email attacks are designed to damage or compromise target entities’ information assets by establishing a connection with the targets after gathering sufficient resources to conduct an attack and then enticing them to take certain actions that eventually create a security loophole. These targeted attacks used in inbound and outbound emails are evolving into more sophisticated and unknown types, such as using unknown malicious files or capitalising on the target’s social relationships. However, so far there are no security requirements proposed to effectively prevent or block them. This Recommendation specifies the requirements for security features to block inbound and outbound email attacks in the form of multilevel management that includes countermeasures against targeted email attacks. This approach is necessary to integrate or deploy a new framework to improve internet users’ defence against such attacks. This Recommendation will form a reference on the direction and objectives of designing an email security diagnostic framework or developing email security solutions with those security functional requirements for IT security managers, especially in those countries beginning to be actively engaged in IT development and implementation.