OryxLabs’ new report assigns a national score for the UAE’s level of email security for the first time

OryxLabs, a leading UAE cybersecurity firm providing national-level tools, insights, and advisory, has published a report that assigns the country an Email Authentication Deployment Score (EADS) for the first time. This rating is based on actual network data collected across the country, which was processed, refined, and analysed to give an actual account of the state of email authentication for the country for the first time ever.

The research paper, entitled State of the Nation – Email Authentication in the UAE, is based on data drawn from over one million domains utilising the .ae extension. 134,000 domain names used for email exchanges in the UAE were selected for further analysis, giving rise to the review of a total of four million Domain Name System (DNS) queries; 40 dimensions per domain; and five million data points in the commission of the research.

The results are telling. The analysis yielded an EADS for the UAE of 18%, based on the implementation or lack thereof of three fundamental and complementary security protocols that enable organisations to ensure emails from their domain actually come from the company. The first protocol is called Sender Policy Framework (SPF), which defines domains / IP addresses that are authorised to send emails on behalf of an entity and help protect from spoofing.

The second is Domain Keys Identified Mail (DKIM), which automates the cryptographic signing of outgoing emails. This helps validate the authenticity of the sender and ensures emails are not tampered with during transit.

The last security protocol is called Domain-based Message Authentication, Reporting, and Conformance (DMARC), which adds a layer of monitoring and control over the output of SPF and DKIM. In the absence of these three authentication protocols, emails sent from an organisation’s domain are delivered as-is in the receiver’s inbox.

While the overall EADS score for the UAE is low at 18%, OryxLabs researchers say this would be on-par or slightly higher than scores observed worldwide. That said, efforts are required across the board to enhance the state of the nation in this important area of email protection.

Observations in the report include the fact that while SPF can be easily implemented, it remains at a relatively low deployment score. The implementation of DKIM for the UAE is surprisingly high for the oft-overlooked protocol, though DMARC is all but neglected. This protocol in particular would be a strong factor of improvement.

On a positive note, the report concludes that email authentication is easy to implement relative to the protection it provides. As such, it is strongly advised that it be deployed efficiently across all entities.