Dubai: A majority of financial institutions listed in the GCC are proactively implementing measures to block fraudulent emails from reaching customers, according to the latest research by Proofpoint, a leading cyber security and compliance company. Proofpoint analysed the level of adoption of DMARC (Domain-based Message Authentication, Reporting and Conformance) by banks across the UAE, KSA, Oman, Qatar, Bahrain, and Kuwait to evaluate their email fraud prevention preparedness.

DMARC is an email validation protocol designed to protect domain names from misuse by cybercriminals. It authenticates the sender’s identity before allowing the message to reach its intended designation. ‘Reject is the strictest and recommended level of DMARC protection, a setting and policy that proactively blocks fraudulent emails from reaching their intended target.

Key Findings from the DMARC analysis of the top banks in the GCC include:

  • In 2024, 96% of GCC banks have published a DMARC record (Domain-based Message Authentication, Reporting & Conformance), indicating almost all are preparing for the upcoming email authentication requirements. This means just 4% are taking no steps to protect against misuse of their domain in email fraud.  
  • This is up from 2023 when 94% of GCC banks had published a DMARC record.
  • Almost three-quarters (71%) of GCC banks have implemented the strictest and recommended level of DMARC protection (‘reject’). This means 29% are still not proactively protecting customers against email impersonation and fraud.
  • This is an improvement on 2023, when only 67% had implemented DMARC at reject level.

The improvement in DMARC performance among GCC banks is critical as financial institutions are a prime target for cybercriminals due to the vast amounts of sensitive personal and financial data they store. With rapid digitalization of the GCC banking sector, including increased usage of mobile banking by customers, it has become essential for banks to prioritize cybersecurity measures to safeguard against potential cyber threats.

 “Email authentication protocols such as DMARC are critical for GCC banks to minimize impersonation risk and therefore protect customers, staff and stakeholders from malicious email attacks. Proofpoint’s research shows that the GCC banking sector is on the right track when it comes to email fraud preparedness by deploying simple yet effective email authentication best practices,” says Emile Abou Saleh, Regional Director, Middle East, Turkey and Africa for Proofpoint. “With the new email authentication requirements from Google, Yahoo! and Apple, we recommend that organizations across all sectors follow suit to minimize impersonation risk and protect customers, suppliers and staff from email fraud.”

Cybercriminals regularly use the method of domain spoofing to pose as well-known organizations and companies by sending an email from a supposedly legitimate sender address. These emails are designed to trick people into clicking on links or sharing personal details, which can then be used to steal money or identities. It can be almost impossible for an ordinary Internet user to identify a fake sender from a real one. While user awareness and education play an important role in hardening your human-centric security layer, technical controls such as DMARC are extremely important in protecting your organization against email-based attacks and fraud.

Methodology: To assess the level of DMARC adoption among banks, Proofpoint conducted an analysis of the primary corporate domains of the top banks across the six GCC countries, including the UAE. The analysis was carried out in January 2024.  Please see Proofpoint’s DMARC check tool here:

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube 

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Sara Seggari