Email authentication widely adopted across top Middle East e-commerce websites as the holiday shopping season approaches
- 89% of top e-commerce websites in the UAE and 95% in KSA publish a DMARC record, showing stronger commitment to email authentication
- AI is reshaping retail journeys in the region and expanding the attack surface, increasing the need for authenticated communication during peak shopping periods
As White Friday and the holiday shopping period approach, Proofpoint, Inc., a leading cybersecurity and compliance company, releases new research showing steady progress in the email security posture of the region’s most visited retail websites. Retailers across the UAE and Saudi Arabia are raising their DMARC protections to limit the risk of email fraud that targets both shoppers and supply chain partners during peak online activity.
This year’s analysis shows strong awareness of authenticated email practices across the region, with retailers taking clearer steps to secure their customer communications. In the UAE, 89% of the most visited retail websites publish a DMARC record, and 42% enforce the recommended reject policy. In Saudi Arabia, 95% publish a DMARC record and 53% enforce reject. Across both markets, adoption reflects a growing focus on securing customer communication in the retail sector.
Despite this progress, many retail domains still operate without full DMARC enforcement, increasing the risk that unauthenticated messages can appear legitimate. Strong domain authentication remains essential for securing communication across customer and operational touchpoints.
AI is also accelerating change across the retail ecosystem, creating new pressure on security controls. Recent research studies show that the vast majority of retailers in the region already use AI solutions across parts of their operations. This rapid adoption improves customer discovery and personalisation, while giving attackers new opportunities to imitate trusted brands at scale.
Abdulah Aljandal, Country Manager, Saudi Arabia at Proofpoint, said: “Saudi retailers are ahead of many regional peers in adopting DMARC, and the rising number of domains enforcing reject is a positive sign. But as retail activity intensifies during peak shopping periods, even small gaps in email authentication can be exploited.
Consumers depend on email for order updates, promotions, and payment confirmations, and cybercriminals use that dependency to deliver fraudulent messages that look legitimate. With AI making impersonation easier and faster, enforcing DMARC at reject is one of the most effective steps retailers in the Kingdom can take to reduce the risk of scams and strengthen customer trust.”
Proofpoint recommends that retailers review their domain authentication policies and enforce DMARC at reject to reduce the risk of unauthorised messages passing as legitimate communication. Consumers can also improve their safety by visiting trusted websites directly, validating offers at checkout, using strong, unique passwords, and enabling multi-factor authentication.
