Ahead of upcoming email authentication requirements from major providers like Google, Yahoo!, and Apple, a study by cybersecurity firm Proofpoint indicates that companies in the UAE and KSA are leading the charge in implementing robust email security measures compared to their global counterparts.
Research focusing on DMARC (Domain-based Message Authentication, Reporting, and Conformance) analysis of Forbes Global 2000 companies reveals that a significant majority of organizations in the UAE (80%) and KSA (90%) have deployed DMARC records, surpassing the global average of 73%.
DMARC, a protocol aimed at safeguarding domain names from cybercriminal misuse, reduces the risk of impersonation by validating the sender’s identity before delivering emails. The highest level of DMARC protection, known as ‘Reject,’ effectively blocks fraudulent emails from reaching recipients.
With Google and Yahoo! set to enforce stricter email authentication requirements in the first quarter of this year, including the necessity of a robust DMARC policy, bulk senders face increased scrutiny.
Key insights from the DMARC analysis of the Forbes Global 2000 include:
– 27% of the Global 2000 lack any DMARC record, signaling inadequate preparedness for forthcoming email authentication standards, in contrast to 10% in KSA and 20% in the UAE.
– A concerning 69% of the Global 2000 are not actively preventing fraudulent emails from reaching customers, with only 31% implementing the highest level of protection to reject suspicious emails.
– In the UAE, 57% of listed companies are not proactively blocking fraudulent emails, while 43% have implemented DMARC at the ‘reject’ level.
– Companies in KSA demonstrate stronger email security practices, with only 43% failing to actively block fraudulent emails, while 57% have adopted DMARC at the strictest level.
Emile Abou Saleh, Senior Director for the Middle East, Turkey, and Africa at Proofpoint, emphasizes the necessity for continued improvement in cybersecurity measures against email-based threats, highlighting the prevalence of domain spoofing by cybercriminals.
As organizations strive to comply with Google and Yahoo!’s new email authentication requirements, Emile Abou Saleh underscores the importance of implementing Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) authentication methods, along with a DMARC policy, for those sending to Gmail or Yahoo! addresses.