Dubai, United Arab Emirates: Leading cybersecurity and compliance company, Proofpoint, has released research which shows that only 65% of the top 20 retailers in the Middle East have implemented the minimum level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, meaning 35% are taking no steps to prevent malicious actors spoofing their domain. Worryingly, only 6 out of the top 20 (30%) have the strictest and recommended DMARC policy (‘reject’) in place, meaning 70% are not proactively blocking fraudulent emails from reaching consumers.

With the onset of Ramadan and discount sales, consumers are expected to spend a record breaking $66 billion on retail in the MENA region this year. Millions of shoppers will continue to scour the internet for not only the best Ramadan offers available but will also be inundated with emails promising deals that are too good to miss. Cybercriminals on the prowl often create tempting clickbait for unexpecting consumers and capitalise on the increase in email communication from retailers to trick shoppers with fraudulent emails.

DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It is the best way for organizations to protect email traffic against phishing and other fraudulent activity. DMARC authenticates the sender’s identity before allowing the message to reach its intended designation. ‘Reject’ is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.

Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint, said: “The retail sector in the Middle East continues to remain as vibrant as ever, with statistics showing that profits from grocery, apparel and electronics retail in the GCC are exceeding the global industry average. In fact, consumer spending in KSA was the highest in the region at over $16bn. With this high traffic of retail activity, Middle East retailers must protect their customers and brand from email fraud.”

Emile added: “Email is the vector of choice for cybercriminals and the retail industry remains a key target. Organizations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences.”

Proofpoint recommends consumers follow the below top tips to remain safe online while shopping for seasonal bargains: 

  1. Use strong passwords:  Do not reuse the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe. Use multi-factor authentication for an added layer of security. 
  2. Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
  3. Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too —aka ‘smishing’ — or messages through social media.
  4. Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
  5. Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints. 


About DMARC: 

For many organizations, the road to easing email fraud risk is paved with DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated.  DMARC verification relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain. This authentication protects employees, customers, and partners from cybercriminals looking to impersonate a trusted domain. To find out more about DMARC, visit


To assess the level of DMARC adoption among the top 20 retailers in the Middle East, Proofpoint conducted an analysis of the primary corporate domains of each organization. The analysis was carried out in March 2023.

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Mara Carpencu
BPG Group