email authentication

Category

Posts

DMARC Analyzer’s CEO and Key Account Managers come together during this Webinar to give insight on how DMARC can prevent malicious attacks on the email channel. They will share their own experiences with DMARC and offer advice on eliminating SPAM and phishing emails for your organization.

When:  Thursday, November 15th 2018 at:

11:00 AM PST
02:00 PM EST
08:00 PM CET

Please click here to register for this webinar!

In this 45 minute webinar, GCA partner dmarcian’s CEO, Tim Draegen, and GreatHorn CEO, Kevin O’Brien, will explore how their approach to addressing today’s sophisticated and highly targeted spear phishing threats is shifting, and how the technology we use for keeping up has evolved.

You’ll leave the webinar with an understanding of:

  • Today’s most pernicious threats
  • The pros and cons of legacy tools
  • New approaches to addressing these threats

When: Thursday, November 1

11am PT – 2pm ET

Please Click Here to register for the webinar.

 

Our CEO, Philip Reitinger, discusses how US federal agencies’ progress on DMARC deserves praise.

“Based on the most recent numbers from DHS, reported by FCW, federal agencies will come close to making the Department of Homeland Security’s deadline to implement Domain-Based Message Authentication, Reporting and Conformance tools, or DMARC.”

Click below to read the entire article.

Fed Gov 90 Days to DMARC

The Global Cyber Alliance Provides Free Tools for Agencies to Meet

U.S. Department of Homeland Security Deadline


WASHINGTON, D.C., July 16, 2018 – U.S. federal government agencies have less than 90 days to meet a U.S. Department of Homeland Security (DHS) Binding Operational Directive (BOD) focused on bolstering email and website security for all federal agencies that operate .gov email and website domains. The federal government has made good progress toward fulfilling the directive, with 74% of the domains tested having implemented a DMARC policy, however, less than half of the domains (47%) are at the highest policy level of “reject” – the setting that prevents spoofed email from being delivered to people. Agencies have three more months to meet the requirements of the directive.

By October 16, 2018, all agencies are required to deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) at the policy level of “reject” to prevent spammers and phishers from using an organization’s name to conduct cyberattacks.

Since the BOD was issued on October 16, 2017, GCA research has found that more than 600 agency email domains have moved to the most secure “reject” setting for DMARC. In total, 605 domains are set to “reject” and 26 are set at the second-highest security level, “quarantine”. However, half of all federal government email domains (319) have only deployed DMARC at its least secure setting or have not deployed DMARC at all (334).

“DHS has shown tremendous leadership in requiring the deployment of advanced email and web security tools that will protect consumers, government workers and our nation’s critical infrastructure,” said Philip Reitinger, president and CEO of the Global Cyber Alliance. “Even with difficulties, agencies should at least have implemented DMARC at its most simple level. It takes little time, does not risk disruption of service, and provides insight on operations and threats.”

GCA has helped organizations implement DMARC with a collection of free resources that include the GCA DMARC Setup Guide, instructional videos, and webinars. Agencies can take advantage of these resources online at www.dmarc.globalcyberalliance.org.

DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of any person with an email address.  According to the 2018 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years.

Without DMARC protection, hackers can create emails that appear to be from a trusted source but instead contain malicious links or ask for additional personal information that could be provided by unsuspecting consumers.

 

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

Anti-Phishing and Web Surfing Security Tools Deployed Across More Than 200 Countries


London, June 6, 2018 – The Global Cyber Alliance (GCA) announced today several key milestones in its continuing mission to eradicate cyber risk through concrete actions.

The successful Quad9 DNS security service, which protects users from accessing known malicious websites, has grown more than 35-fold since its launch in November 2017, now reaching more than 120 countries and blocking up to 360 million connections to malicious and compromised websites in the past six months.

In addition, more than 22,000 organizations in 166 countries have used the GCA Domain-based Message Authentication, Reporting & Conformance (DMARC) Setup Guide to check their email domain’s phishing security and spoofing security. Nearly 5,000 organizations have deployed DMARC to protect their employees, partners and customers from being tricked by scammers trying to hijack their web domain to steal personal or financial information.

The announcements came following a meeting of GCA’s Strategic Advisory Committee, which comprises executives from more than 40 organizations spanning the finance, health, telecommunications, education, insurance, cybersecurity, technology, and media sectors, as well as government and law enforcement officials from Canada, France, the United Kingdom, and the United States.

“GCA was formed to take collective action to reduce and eradicate cyber risks, and we do this by uniting global communities, implementing concrete solutions, and measuring the effects,” said GCA president and CEO, Phil Reitinger. “We are passionate about helping users access affordable and automatic security solutions, and our progress over the past six months, in collaboration with many dedicated individuals and organizations, inspires us to keep moving forward and tackling new challenges.”

6 months of Quad9

The Quad9 DNS security service, which GCA conceptualized and built with IBM and Packet Clearing House, has scaled quickly since its launch six months ago. The service incorporates multiple threat intelligence feeds and blocks up to two million domain lookups each day, preventing users from connecting to a malicious website. More than a dozen cities were recently added to the service’s network of servers, including Bangkok, Thailand; Vilnius, Lithuania; Columbo, Sri Lanka; Siegerland, Germany; Posadas, Argentina; Luanda, Angola; Kiev, Ukraine; Kuala Lumpur, Malaysia; Enfidha, Tunisia; Harare, Zimbabwe; Lyon, France; and Tallinn, Estonia.

“We selected these regions because our deployment model is specifically designed to push our DNS services out to the very edges of the world in places where most other systems will not or cannot deliver excellent service,” said John Todd, Quad9 executive director. “Everyone should be able to enjoy a base level of security, privacy, and performance on the Internet regardless of location or economic circumstances. The focus as we grow our network footprint is to be in every country and every city in which we can deploy our service, regardless of economic weight, population density, or pre-existing network infrastructure.”

DMARC and Email Security

DMARC (Domain-based Message Authentication, Reporting & Compliance) was developed as a collaborative effort to combat fraudulent email by authenticating the sender of an email. GCA created a Setup Guide that enables world-wide adoption of DMARC, an email authentication standard that helps users protect their email domains from spoofers, spammers and phishing attacks.

The guide has been translated into 17 languages and has been used by more than 13,500 organizations in the past six months. In 2016, the U.K. government mandated that all U.K. government domains enable DMARC. The U.S. government followed suit in late 2017 with the issuance of Binding Operational Directive 18-01, requiring all U.S. federal civilian domains to enable DMARC.

About Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

###

The U.S. government has gotten behind the Domain-based Message Authentication, Reporting & Conformance (DMARC) email authentication standard in full force while the private sector, for once, is playing catch up. Phil Reitinger, president and CEO of the Global Cyber Alliance, spoke with SC Media Executive Editor Teri Robinson about DMARC’s benefits and its trajectory in both the private and public sectors.

You can watch the full video interview here:

For more information about DMARC and how to implement it to better protect your domain, please visit dmarc.globalcyberallaince.org.

Bob Gourley, former Defense Intelligence Agency CTO and Founder and CTO of Crucial Point, LLC, discusses the failure of government IT contractors to incorporate some standard email security measures with Government Matter TV.