Date of analysis: 08/08/2023

Uzbekistan DMARC Adoption Report 2023

The Importance of DMARC Adoption in Uzbekistan

Enhancing DMARC adoption within Uzbekistan holds the key to fortifying the nation’s digital fortress, symbolizing a proactive stride towards safeguarding both today’s assets and tomorrow’s prosperity. In the wake of escalating cyber attacks, Uzbekistani organizations must improve their defenses against email-borne attacks, shielding their clientele from digital malice. 

With Email authentication such as DMARC, organizations in Uzbekistan can display their devotion to practicing strong email authentication and security that fortifies their brand image, and adequately protects their email and information. This is especially important for financial, governmental, healthcare, and educational establishments that exchange sensitive information via email.

Is Uzbekistan Adequately Protected Against Email Fraud?

DMARC-adoption

Uzbekistan has seen a steady increase in targeted phishing attacks, spoofing, and malware infections since 2020. Presidential Resolution No. PP-167, issued on May 31, 2023, has sanctioned a fresh set of cybersecurity regulations for companies. Titled “On additional measures to enhance the cybersecurity system of critical information infrastructure facilities in the Republic of Uzbekistan,” the resolution outlines the new requirements, encouraging organizations to take a proactive approach to cybersecurity and incident response. 

The regulations are likely to affect all businesses with important information systems in the field of agriculture, banking and finance, chemicals, defense and national security, energy, IT, mining, public health, telecoms, etc.

The State Unitary Enterprise “Cybersecurity Center” reported a staggering 1.3 million cyberattacks targeting “uz” segment websites in 2021 alone, underscoring the utmost relevance of cybersecurity and financial fraud concerns in Uzbekistan. Read more

The above-mentioned statistics highlight the lack of email security in Uzbekistan, and the immediate need to be proactive. 

In this report, we focussed on answering the following questions: 

  • What is the current situation of DMARC adoption and enforcement in organizations in Uzbekistan?

  • How can we improve the cybersecurity and email authentication infrastructure in Uzbekistan to mitigate impersonation attacks?

To gain better insight into the current scenario we analyzed 826 domains belonging to top businesses and organizations in Uzbekistan, from the following sectors:

  • Healthcare
  • Energy
  • Government
  • Banking
  • Educational
  • Telecommunication
  • Media and entertainment
  • Transport

What Do the Numbers Say?

An in-depth SPF and DMARC adoption analysis was conducted while examining all 826 Uzbekistani domains, which led to the following revelations:

SPF Adoption Analysis in Uzbekistan

Graphical Analysis: Among all 826 domains examined that belong to various organizations in Uzbekistan, 527 domains (63.8%) possessed correct SPF records, while 281 domains (34.02%) unfortunately had no SPF records at all, and 18 domains (2.2%) had incorrect records. 

199 domains (24.09%) had correct DMARC records, while 2 of the domains (0.2%) had DMARC records that contained errors. A vast majority of domains (625 domains making up 75.66%) had no DMARC records at all. 102 domains had their DMARC policy set at none (12.3%), enabling monitoring only, while 51 domains (6.2%) had their DMARC policy level set at quarantine, and 46 domains (5.8%) had their DMARC policy set at maximum enforcement (i.e. p=reject).

Sector-wise Analysis of Uzbekistani Domains

Healthcare Sector

Key Findings

  • 36.5% of domains in the Uzbekistan Telecom sector had no SPF record 
  • 56% of DMARC-implemented domains were at p=none offering no protection
  • No DMARC record was found for 76% of the domains

Energy Sector

Key Findings

  • 33.3% of the domains had no SPF record published in their DNS
  • 66.7% of the domains had no DMARC record published in their DNS
  • 75% of the domains with DMARC implemented were on a “none” policy

Government Sector

Key Findings

  • 26.5% of the domains had no SPF record published in their DNS
  • 63.2% of the domains had no DMARC record published in their DNS
  • 38.6% of the domains with DMARC implemented were on a “none” policy

Banking Sector

Key Findings

  • 40% of the domains had no SPF record published in their DNS
  • 65.7% of the domains had no DMARC record published in their DNS
  • 56.5% of the domains with DMARC implemented were on a “none” policy

Educational Sector

Key Findings

  • 44.6% of the domains had no SPF record published in their DNS
  • 70.7% of the domains had no DMARC record published in their DNS
  • 34.6% of the domains with DMARC implemented were on a “none” policy

Telecom Sector

Key Findings

  • 25.8% of the domains had no SPF record published in their DNS
  • 77.5% of the domains had no DMARC record published in their DNS
  • 45% of the domains with DMARC implemented were on a “none” policy

Media & Entertainment Sector

Key Findings

  • 28.8% of the domains had no SPF record published in their DNS
  • 83.2% of the domains had no DMARC record published in their DNS
  • 85.7% of the domains with DMARC implemented were on a “none” policy

Transport Sector

Key Findings

  • 40% of the domains had no SPF record published in their DNS
  • 90.3% of the domains had no DMARC record published in their DNS
  • 53.3% of the domains with DMARC implemented were on a “none” policy

Comparative Analysis of SPF Adoption among Different Sectors in Uzbekistan

The SPF adoption rate was found to be the lowest in the Uzbekistan education sector, closely followed by the banking and transport sectors. The highest rate of SPF adoption was noted in the Uzbekistani government sector.

Comparative Analysis of DMARC Adoption among Different Sectors in Uzbekistan

The Uzbekistan transport sector noted the lowest rate of DMARC adoption. The highest rate of DMARC adoption was noted among energy and government however with considerably low rates of enforcement. A large percentage of organizations in all sectors had their DMARC policies at monitoring only.

What Errors Are Organizations in Uzbekistan Making?

After examining 826 domains registered in Uzbekistan across different sectors and industries, it becomes apparent that organizations in the country are committing significant mistakes that could pose potential risks to the security of email communications exchanged with their clients or employees.

Boosting Email Security in Uzbekistan: Methods and Strategies

Uzbekistani organizations can take the following steps to improve their overall email security posture:

How Can PowerDMARC Help You in Your Email Security Journey?

To create a secure email environment, it’s crucial to enable email authentication protocols like DMARC, DKIM, SPF, MTA-STS, TLS-RPT, and BIMI on all domains that you operate within your company. This ensures that all communications within the organization adhere to the same set of security standards, preventing accidental or malicious email sources.

PowerDMARC offers a comprehensive suite of email security services and hosted solutions designed to safeguard your brand reputation and protect customers from various email-related threats, without the hassle or technical complexities involved in protocol implementation, management, and monitoring. 

Here’s what we provide:

By partnering with PowerDMARC, you can fortify your and your customers’ email domains and protect your organization and customers from potential threats, ensuring safer and more reliable email communication.