Only 21% of the top 150 Saudi companies have implemented the strictest and recommended level of DMARC protection (‘reject’)

Implementing DMARC ensures fraudulent activity, including phishing, impersonation attacks and other unauthorised use of corporate domains, are shut down before they reach customers


Riyadh, KSA: Leading cyber security and compliance company, Proofpoint, has released research which shows that even though more than half (57%) of the top 150 Saudi organizations have published a DMARC record (Domain-based Message Authentication, Reporting & Conformance), only 21% have implemented the strictest and recommended level of DMARC protection (‘reject’), leaving their customers at risk of email fraud. 

DMARC is an email validation protocol that authenticates the sender’s identity before allowing the message to reach its intended designation. It is designed to protect domain names from being misused by cybercriminals. ‘Reject’ is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.

Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint, said: “The Saudi economy is on an accelerated path to recovery, which is great for businesses. To keep the momentum going, Saudi organizations must ensure that they invest in robust fraud detection and prevention mechanisms to safeguard themselves from opportunistic cybercriminals. By implementing DMARC, organizations can ensure that only legitimate emails are properly authenticated and that fraudulent activity, including phishing, impersonation attacks and other unauthorised use of corporate domains, are shut down before they reach customers.”

Emile added: “Saudi Arabia is witnessing the fastest growth it has seen in a decade. As the Kingdom strengthens its economic diversification agenda, it will need to build robust defences to secure its national infrastructure. Investing in the right cyber defences will be invaluable for Saudi organizations in the future.”

The global findings of Proofpoint’s research showed that 38% of the top 150 organizations worldwide have the strictest, recommended level of DMARC (Reject), meaning 62% are not using secure communication methods to proactively block fraudulent emails from reaching customers. This makes companies potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting their customers.