Email-based attacks are extremely popular in the cybercriminal arsenal. From low-level, opportunistic scammers, to nation state-backed groups, the usage of such attacks continues to grow. Such attacks may ultimately result in malware infections, business email compromise, or even the theft of credentials.
Given the importance of securing email, OryxLabs leveraged its capabilities to scan, store and analyze data at Internet scale to evaluate the email protection mechanisms deployed by various organizations across the UAE.
In a first of its kind report for UAE, we analyzed over one million domains utilizing the .AE extension to evaluate the state of Email Security across the nation. We conceptualized an overall Email Authentication Deployment Score (EADS) that encapsulates the state of the nation in a single number.
The score is based on the configuration quality of the three fundamental protocols for email security: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These protocols help ensure emails pretending to be from an organization actually come from it, and that they have not been tampered with in transit.
This State of the Nation report, first of an extensive series, provides security practitioners and leaders with a clear view over the gaps in implementation of SPF, DKIM and DMARC, and offers guidance on the actions that need to be taken for an efficient improvement of the situation.