Important Alert: Google and Yahoo will require DMARC starting from Feb 2024.

Date of analysis: 03/08/2023

Kazakhstan DMARC Adoption Report 2023

Why is Increasing DMARC Adoption in Kazakhstan Essential?

Boosting the adoption and correct deployment of DMARC in Kazakhstan is an important step toward furthering the security of the country’s online defenses. It’s a proactive step to keep our digital world safe now and in the future. As cyber attacks increase, Kazakhstani organizations need to do more to stop harmful emails from getting through and harming their customers.

By using email authentication tools like DMARC, Kazakhstan’s organizations can show they’re serious about protecting their emails. This not only makes them appear as credible sources but also keeps their information safe. This is really crucial for financial establishments like banks, government offices, hospitals, and schools that send private information through emails, along with any organization dealing with sensitive data.

Is Kazakhstan Adequately Protected Against Email Fraud? 

Kazakhstan dmarc adoption

In the first half of 2021, the Kazakh computer security team, KZ-CERT, dealt with a whopping 11,432 cases of cyber threats. That’s a 15% jump compared to last year. 

Businesses, governmental establishments, and unsuspecting individuals have all been on the attacker’s hit list. As reported on August 2021, no bank in Kazakhstan could prove they had strong security measures in place needed to safeguard their websites, data, or emails from cyberattacks. The state government recognized that the reason for these drawbacks was the lack of education and awareness against information and communication security, especially among small and mid-sized businesses in Kazakhstan. 

In May of 2023, Ukraine’s computer emergency response team, known as CERT-UA, detected a cyber-espionage operation directed at an undisclosed Ukrainian government agency.

Researchers pinpointed a threat actor labeled as UAC-0063, which exhibited indications of intent to focus on countries including Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. Attack vectors and modes of deployment included compromised email accounts and email phishing scams. 

The above-mentioned statistics highlight the potential threat to email and information systems in Kazakhstan, and the immediate need to be proactive.

In this report, we focussed on answering the following questions: 

  • What is the current situation of DMARC adoption and enforcement in organizations in Kazakhstan?

  • How can we improve the cybersecurity and email authentication infrastructure in Kazakhstan to mitigate impersonation attacks?

To gain better insight into the current scenario we analyzed 525 domains belonging to top businesses and organizations in Kazakhstan, from the following sectors:

  • Healthcare
  • Energy
  • Government
  • Educational
  • Telecom
  • Media
  • Transport
  • Banking

What Do the Numbers Say?

An in-depth SPF and DMARC adoption analysis was conducted while examining all 525 Kazakhstani domains, which led to the following revelations:

SPF Adoption Analysis in Kazakhstan


DMARC Adoption Analysis in Kazakhstan


Graphical Analysis: Among all 525 domains examined that belong to various organizations in Kazakhstan, 394 domains (75%) possessed correct SPF records, while 106 domains (20.2%) unfortunately had no SPF records at all, and 25 domains (4.8%) had incorrect records. 

A vast majority of domains (350 domains making up 66.7%) had no DMARC records at all. 79 domains had their DMARC policy set at none (15%), enabling monitoring only, while 46 domains (8.8%) had their DMARC policy level set at quarantine, and 46 domains (8.8%) had their DMARC policy set at maximum enforcement (i.e. p=reject).