• DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals

Dubai, United Arab Emirates: Leading cyber security and compliance company, Proofpoint, has released research which shows that a majority of GCC banks (94%) have published a DMARC record (Domain-based Message Authentication, Reporting & Conformance), while 67% (34 of 51) have implemented the strictest and recommended level of DMARC protection (‘reject’). This shows that the GCC performs better than the global average, with 63% of financial organisations listed under the Fortune Global 500 having published a DMARC record, and only 39% (47 of 122) implementing the strictest and recommended level of DMARC protection, ‘reject’.

While two thirds of GCC banks have implementing the strictest DMARC levels of protection, one third of the banks may leave their customers vulnerable to email-based fraud.

DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’s identity before allowing the message to reach its intended designation. ‘Reject’ is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.

Haifa Ketiti, Senior Systems Engineer, Middle East at Proofpoint, said, Email continues to be the vector of choice for cybercriminals and the financial sector remains a key target. Cybercriminals continue to impersonate leading organisations by sending out emails from supposedly legitimate sender addresses to trick customers. Our research has shown that many GCC financial institutions are still exposing people to cybercriminals on the hunt for personal and financial data by not implementing simple, yet effective email authentication best practices.”

Ketiti added: “The GCC financial sector is poised for strong growth post-Covid, especially as the World Bank has projected that GCC economies are set to expand by 5.9% in 2022[1].  Therefore, building robust defences and cyber resilience by implementing DMARC, which verifies that the purported domain of the sender has not been impersonated, will be invaluable for GCC banks in the future.”


To assess the level of DMARC adoption among the top 10 banks in six GCC countries, including the UAE, Proofpoint conducted an analysis of the primary corporate domains of each bank. The global analysis is based on the top 150 financial organizations in the in the Fortune Global 500 https://fortune.com/global500/. All analyses were carried out in 2022.


About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Mara Carpencu
BPG Group

[1] GCC Economies to Expand by 5.9% in 2022 (worldbank.org)