The Middle East is outshining other nations with its remarkable commitment to email security. Starting February 1, 2024, both Google and Yahoo mandated SPF and DKIM for bulk senders, while companies sending out over 5,000 emails per day are also required to have DMARC in place. While other nations are still making slower moves, almost 90% of the companies in the Kingdom of Saudi Arabia and 80% in the United Arab Emirates have deployed the basic versions of SPF, DKIM, and DMARC.
This is against the cumulative global average of only about 73% of organizations having basic or strict DMARC linked to their email-sending domains.
The Middle Eastern Momentum
After the announcements made by Google and Yahoo, the adoption of DMARC has accelerated and now the government regulations are also encouraging it. During the initial six weeks of 2024, over 2 million fresh DMARC entries were generated. This period witnessed a surge of 41% in records within the African market and a 29% rise in the Middle Eastern region.
The countries of the Gulf Cooperation Council (GCC), including Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates, have developed many industrial and national regulations, including the famous Saudi Arabia Monetary Authority (SAMA) cybersecurity framework for swifter and stricter deployment.
As many as 80% of the members of the S&P’s Pan Arab Composite Index have a strict DMARC policy, and this figure is higher than the FTSE100’s 72% and France’s CAC40’s 61%.
Experts believe that the Middle Eastern region’s supply chain is maturing positively, and the SPF, DKIM, and DMARC adoption momentum is reflecting a transformed landscape. This has contributed to a significant decrease in the success rate of phishing scams while optimizing email reliability and strengthening their overall cybersecurity posture.
But p=reject is Still Lagging
Despite the momentum of adoption, Middle Eastern companies are still catching up to deploy the strictest DMARC policy, but that’s justifiable since the confidence to apply p=reject doesn’t come overnight.
Image sourced from geeksforgeeks.org
It takes time to gradually increase the percentage of emails that should be subjected to getting evaluated against the strictest DMARC policy.
Hence, only 43% of UAE-based domains and 57% of Saudi Arabia-based domains are set to the ‘reject’ DMARC policy. But it’s good to learn that both countries are still ahead of the 31% Global 2000 companies that have set their DMARC records to p=reject.
Why is it Urgent to Adopt SPF?
It is urgent to adopt the Sender Policy Framework (SPF) because it helps prevent email spoofing and phishing attacks by verifying that incoming emails originate from legitimate sources. SPF records specify which IP addresses are authorized to send emails on behalf of a particular domain. Without SPF, malicious actors can easily impersonate legitimate senders, leading to potential security breaches, data theft, financial losses, and damage to an organization’s reputation. By implementing SPF, organizations can enhance their email security posture and protect both themselves and their recipients from various cyber threats. AutoSPF can assist you with this.