Anti-Phishing and Web Surfing Security Tools Deployed Across More Than 200 Countries

London, June 6, 2018 – The Global Cyber Alliance (GCA) announced today several key milestones in its continuing mission to eradicate cyber risk through concrete actions.

The successful Quad9 DNS security service, which protects users from accessing known malicious websites, has grown more than 35-fold since its launch in November 2017, now reaching more than 120 countries and blocking up to 360 million connections to malicious and compromised websites in the past six months.

In addition, more than 22,000 organizations in 166 countries have used the GCA Domain-based Message Authentication, Reporting & Conformance (DMARC) Setup Guide to check their email domain’s phishing security and spoofing security. Nearly 5,000 organizations have deployed DMARC to protect their employees, partners and customers from being tricked by scammers trying to hijack their web domain to steal personal or financial information.

The announcements came following a meeting of GCA’s Strategic Advisory Committee, which comprises executives from more than 40 organizations spanning the finance, health, telecommunications, education, insurance, cybersecurity, technology, and media sectors, as well as government and law enforcement officials from Canada, France, the United Kingdom, and the United States.

“GCA was formed to take collective action to reduce and eradicate cyber risks, and we do this by uniting global communities, implementing concrete solutions, and measuring the effects,” said GCA president and CEO, Phil Reitinger. “We are passionate about helping users access affordable and automatic security solutions, and our progress over the past six months, in collaboration with many dedicated individuals and organizations, inspires us to keep moving forward and tackling new challenges.”

6 months of Quad9

The Quad9 DNS security service, which GCA conceptualized and built with IBM and Packet Clearing House, has scaled quickly since its launch six months ago. The service incorporates multiple threat intelligence feeds and blocks up to two million domain lookups each day, preventing users from connecting to a malicious website. More than a dozen cities were recently added to the service’s network of servers, including Bangkok, Thailand; Vilnius, Lithuania; Columbo, Sri Lanka; Siegerland, Germany; Posadas, Argentina; Luanda, Angola; Kiev, Ukraine; Kuala Lumpur, Malaysia; Enfidha, Tunisia; Harare, Zimbabwe; Lyon, France; and Tallinn, Estonia.

“We selected these regions because our deployment model is specifically designed to push our DNS services out to the very edges of the world in places where most other systems will not or cannot deliver excellent service,” said John Todd, Quad9 executive director. “Everyone should be able to enjoy a base level of security, privacy, and performance on the Internet regardless of location or economic circumstances. The focus as we grow our network footprint is to be in every country and every city in which we can deploy our service, regardless of economic weight, population density, or pre-existing network infrastructure.”

DMARC and Email Security

DMARC (Domain-based Message Authentication, Reporting & Compliance) was developed as a collaborative effort to combat fraudulent email by authenticating the sender of an email. GCA created a Setup Guide that enables world-wide adoption of DMARC, an email authentication standard that helps users protect their email domains from spoofers, spammers and phishing attacks.

The guide has been translated into 17 languages and has been used by more than 13,500 organizations in the past six months. In 2016, the U.K. government mandated that all U.K. government domains enable DMARC. The U.S. government followed suit in late 2017 with the issuance of Binding Operational Directive 18-01, requiring all U.S. federal civilian domains to enable DMARC.

About Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.



GCA Press Release

NEW YORK, April 3, 2017 – Trust, from both customers and investors, is the most important currency for financial services companies. A breach of trust can break a bank, while maintaining trust leads to long-term success. At its core, financial services customers expect their banking institutions to protect their money and their information. And it starts with the most basic of 21st century communications – email.

So how are the globe’s leading financial institutions doing?

The good news is that the five largest banks in the U.S. are deploying the Domain-based Message Authentication, Reporting & Conformance (DMARC) email security protocol to prevent their brands from being hijacked and protect consumers from data theft, according to a new study from the Global Cyber Alliance (GCA).

However, there is still much more work to be done.

Only 11 of the top 50 U.S. banks and just 9 of the 50 largest European banks have deployed DMARC to block spoofed emails or have them marked as spam.  Further, NONE of the 50 fastest growing independent banks in the U.S. use DMARC at all. An additional 22 banks out of the top 50 in the U.S. and 10 out of the top 50 in Europe have not fully deployed DMARC, preventing those organizations from gaining the benefits of DMARC. Reasons for this can vary, including that a bank is only beginning the process of DMARC implementation.

“We have tested and used DMARC in monitoring mode and are moving into “reject” mode to protect the more than 60 million emails we distribute monthly,” said Troels Oerting, Group Chief Security Officer, Group CISO for Barclays Plc. “We need more companies to deploy DMARC to strengthen the ecosystem.  I call on my peers across the financial sector and other industries to implement DMARC as part of email security and anti-phishing efforts.”

Banks that deploy DMARC can stop spammers and phishers from using an organization’s name to trick unsuspecting customers and conduct cyber attacks. DMARC provides insight into any attempts to spam, phish or spear-phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide.

“At U.S. Bank, we work to earn the trust of customers every day,” said Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive at U.S. Bank. “U.S. Bank utilizes DMARC, and I always recommend that our clients consider implementing DMARC to protect their brand and their clients.”

“DMARC is a critical protection against spear-phishing emails and other email-born phishing attacks,” said Freddy Dezeure, head of the Computer Emergency Response Team for the European Union (CERT-EU). “We strongly recommend that every organization implement it to protect their businesses, employees and customers.”

“DMARC prevents the hijacking of a company’s brand, protecting its reputation and its relationships with customers and investors,” said Philip Reitinger, President and CEO of GCA. “DMARC is proven, and it is free. Deployment is quite simple for many small and medium-size organizations, and reasonable for large organizations especially given the significant return on investment. If a customer can’t trust your email correspondence, they will be looking elsewhere rather quickly.”

GCA now offers a DMARC Setup Guide that will take network security professionals step-by-step through the entire DMARC installation process at https://dmarc.globalcyberalliance.org.


About The Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.

GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.