Important Alert: Google and Yahoo will require DMARC starting from April 2024.

Date of analysis: 03/02/2023

DMARC Adoption in Saudi Arabia: 2023 Report

DMARC is a useful standard that has been globally acclaimed for its email authentication and security benefits. Improving DMARC adoption in Saudi Arabia will help organizations in the country further strengthen their existing security posture and be better prepared to fight against email-based attacks: a phenomenon that is wreaking havoc in the entire world in this age of digital communication. Through this comprehensive report, we aim to analyze the current state of DMARC adoption in Saudi Arabia, and suggest ways in which the rate can be considerably increased without negatively impacting deliverability rates. 

Assessing the Threat Landscape

DMARC Adoption in Saudi Arabia

In 2022, Saudi Arabia saw a huge surge in digital fraud and phishing attacks. According to an analysis released by Kaspersky, in Q2 of 2022 phishing, scams, and social engineering hit the roof in Saudi Arabia with a whopping 168% increase in attacks. The analysis conducted by the organization shed light on 5,808,946 phishing attacks that were detected by their security systems in Saudi Arabia in quarter 2 alone.

Security analysts have further estimated the cost of a data breach resulting from a single attack incident is expected to exponentially rise in Saudi Arabia in the year 2023. Based on recent studies, it is known that phishing continues to be a widespread and growing problem globally, including in the Middle East region, and that it is constantly evolving to evade detection and increase its effectiveness. It is important for individuals and organizations to stay informed and take proactive measures to protect themselves against phishing attacks.

The above-mentioned statistics on the lack of email security in Saudi Arabia raise some serious concerns:

  • What is the current situation of DMARC adoption and enforcement in organizations in Saudi Arabia?

  • How can we improve the cybersecurity and email authentication infrastructure in Saudi Arabia to mitigate impersonation attacks? 

To gain better insight into the current scenario we analyzed 1049 domains belonging to top businesses and organizations in Saudi Arabia, from the following sectors:

  • Banking 
  • Government 
  • Healthcare
  • Energy
  • Telecommunications
  • Education
  • Transport
  • Media and Entertainment

What Do the Numbers Say?

An in-depth SPF and DMARC adoption analysis was conducted while examining all 1049 Saudi Arabian domains, which led to the following revelations: 
Saudi Arabia SPF Adoption
Saudi Arabia DMARC Adoption

Graphical Analysis: Among all 1049 domains examined that belong to various organizations in Saudi Arabia, 438 domains (41.8%) possessed correct SPF records, 49 domains (4.7%) had incorrect SPF records, while a ruling majority of 562 domains (53.6%) unfortunately had no SPF records at all. 307 domains (29.3%) had correct DMARC records, while 2 of the domains (0.2%) had DMARC records that contained errors. A vast majority of domains (740 domains making up 70.5%) had no DMARC records at all. 114 domains had their DMARC policy set at none (10.9%), enabling monitoring only, while 54 domains (5.1%) had their DMARC policy level set at quarantine, and 139 domains (13.3%) had their DMARC policy set at maximum enforcement (i.e. p=reject).