Important Alert: Google and Yahoo will require DMARC starting from April 2024.
Read more

Date of analysis: 03/02/2023

DMARC Adoption in Saudi Arabia: 2023 Report

DMARC is a useful standard that has been globally acclaimed for its email authentication and security benefits. Improving DMARC adoption in Saudi Arabia will help organizations in the country further strengthen their existing security posture and be better prepared to fight against email-based attacks: a phenomenon that is wreaking havoc in the entire world in this age of digital communication. Through this comprehensive report, we aim to analyze the current state of DMARC adoption in Saudi Arabia, and suggest ways in which the rate can be considerably increased without negatively impacting deliverability rates. 

Book a demo Download PDF

Assessing the Threat Landscape

DMARC Adoption in Saudi Arabia

In 2022, Saudi Arabia saw a huge surge in digital fraud and phishing attacks. According to an analysis released by Kaspersky, in Q2 of 2022 phishing, scams, and social engineering hit the roof in Saudi Arabia with a whopping 168% increase in attacks. The analysis conducted by the organization shed light on 5,808,946 phishing attacks that were detected by their security systems in Saudi Arabia in quarter 2 alone.

Security analysts have further estimated the cost of a data breach resulting from a single attack incident is expected to exponentially rise in Saudi Arabia in the year 2023. Based on recent studies, it is known that phishing continues to be a widespread and growing problem globally, including in the Middle East region, and that it is constantly evolving to evade detection and increase its effectiveness. It is important for individuals and organizations to stay informed and take proactive measures to protect themselves against phishing attacks.

The above-mentioned statistics on the lack of email security in Saudi Arabia raise some serious concerns:

  • What is the current situation of DMARC adoption and enforcement in organizations in Saudi Arabia?

  • How can we improve the cybersecurity and email authentication infrastructure in Saudi Arabia to mitigate impersonation attacks? 

To gain better insight into the current scenario we analyzed 1049 domains belonging to top businesses and organizations in Saudi Arabia, from the following sectors:

  • Banking 
  • Government 
  • Healthcare
  • Energy
  • Telecommunications
  • Education
  • Transport
  • Media and Entertainment

Graphical Analysis: Among all 1049 domains examined that belong to various organizations in Saudi Arabia, 438 domains (41.8%) possessed correct SPF records, 49 domains (4.7%) had incorrect SPF records, while a ruling majority of 562 domains (53.6%) unfortunately had no SPF records at all. 307 domains (29.3%) had correct DMARC records, while 2 of the domains (0.2%) had DMARC records that contained errors. A vast majority of domains (740 domains making up 70.5%) had no DMARC records at all. 114 domains had their DMARC policy set at none (10.9%), enabling monitoring only, while 54 domains (5.1%) had their DMARC policy level set at quarantine, and 139 domains (13.3%) had their DMARC policy set at maximum enforcement (i.e. p=reject).

Key Findings

  • 33.3% of domains in the Saudi Arabian Telecom sector had no SPF record 
  • 38.5% of domains with DMARC implemented had a DMARC policy set at p=none
  • No DMARC record was found for 60.7% of the domains

Key Findings

  • 73.5% of the domains had no SPF record published in their DNS
  • 84.3% of the domains had no DMARC record published in their DNS
  • 36.3% of the domains with DMARC implemented were on a “none” policy

Key Findings

  • 28.2% of the domains had no SPF record published in their DNS
  • 52.6% of the domains had no DMARC record published in their DNS
  • 43.2% of the domains with DMARC implemented were on a “none” policy

Key Findings

  • 32.4% of the domains had no SPF record published in their DNS
  • 54.1% of the domains had no DMARC record published in their DNS
  • 35.3% of the domains with DMARC implemented were on a “none” policy

Key Findings

  • 58.1% of the domains had no SPF record published in their DNS
  • 77.4% of the domains had no DMARC record published in their DNS
  • 42.7% of the domains with DMARC implemented were on a “none” policy

Key Findings

  • 23.5% of the domains had no SPF record published in their DNS
  • 50.6% of the domains had no DMARC record published in their DNS
  • 48.8% of the domains with DMARC implemented were on a “none” policy

Key Findings

  • 69.3% of the domains had no SPF record published in their DNS
  • 77.6% of the domains had no DMARC record published in their DNS
  • 15.2% of the domains with DMARC implemented were on a “none” policy

Key Findings

  • 55% of the domains had no SPF record published in their DNS
  • 67.9% of the domains had no DMARC record published in their DNS
  • 36.3% of the domains with DMARC implemented were on a “none” policy

Comparative Analysis of SPF Adoption among Different Sectors in Saudi Arabia

The SPF adoption rate was found to be the lowest in the Saudi Arabian healthcare sector, closely followed by the banking and media & entertainment sectors. The highest rate of SPF adoption was noted in the Saudi Arabian education sector.

Comparative Analysis of DMARC Adoption among Different Sectors in Saudi Arabia

The Saudi Arabian healthcare sector also noted the lowest rate of DMARC adoption, closely followed by the banking and media & entertainment sectors. The highest rate of DMARC adoption was noted among educational institutions in Saudi. A large percentage of organizations in all sectors had their DMARC policies at monitoring only.

Critical Errors Organizations in Saudi Arabia are Making

On analyzing 1049 Saudi Arabian domains from various sectors and industries, it is evident that organizations in Saudi Arabia are making some critical errors that can jeopardize their online reputation and the safety of their clients:

Steps to be Taken for Improving Email Security in Saudi Arabia

The following steps can be taken by Saudi Arabian organizations to improve their overall email security posture: 

How can PowerDMARC Help You in this Process?

To achieve a secure email ecosystem, DMARC/DKIM/SPF must be enabled in all gateways within the company. Everything within the company must use a single set of security standards to detect and prevent accidental and malicious email sending sources. PowerDMARC provides a full suite of email security services and hosted solutions that enable you to protect your brand reputation and customers against a wide range of email-borne threats.

Let’s join hands to increase the rate of DMARC adoption and strengthen the email security infrastructure in businesses across Saudi Arabia. Get in touch with us at [email protected] to find out how we can help protect your domain and business today!