OryxLabs has published a report that assigns an Email Authentication Deployment Score (EADS) at a national level in the UAE for the first time. This rating is based on actual network data that was collected, processed, and analysed to give an accurate, on-the-ground account of the state of email authentication in the country.
The research paper, titled State of the Nation – Email Authentication in the UAE, is based on data drawn from over one million domains utilising the .AE extension. From that set, 134,000 domain names used for email exchanges in the UAE were selected for further analysis. The report utilised over four million Domain Name System (DNS) queries with more than 40 evaluation parameters per domain and an analysis of five million data points to paint the final picture of email security.
The score is based on the implementation or lack thereof of three fundamental and complementary email security protocols: Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Working together, these protocols help ensure emails purporting to be from an organisation actually come from the organisation and that they have not been tampered with in transit.
The overall absolute EADS score for the UAE is on-par or slightly higher than scores observed worldwide. That said, efforts are required across the board to enhance the state of email protection. A deep dive of the report’s results provides visibility into the actions that need to be taken for an efficient improvement of the situation.
Observations include the fact that while SPF can be easily implemented it remains at a relatively low deployment score. The implementation of DKIM for the UAE is surprisingly high for the oft-overlooked protocol, and DMARC is neglected by most organisations and would be a strong factor of improvement.
On a positive note, email authentication is easy to implement relative to the protection it provides. As such, it is strongly advised that SPF, DKIM, and DMARC be deployed efficiently across all organisations and prioritised at critical ones that have not implemented it yet.
