Proofpoint releases new research showing steady progress in the email security posture of the region’s most visited retail websites. Retailers across the UAE are raising their DMARC protections to limit the risk of email fraud that targets both shoppers and supply chain partners during peak online activity.
This year’s analysis shows strong awareness of authenticated email practices across the region, with retailers taking clearer steps to secure their customer communications. In the UAE, 89% of the most visited retail websites publish a DMARC record, and 42% enforce the recommended reject policy. Across both markets, adoption reflects a growing focus on securing customer communication in the retail sector.
Despite this progress, many retail domains still operate without full DMARC enforcement, increasing the risk that unauthenticated messages can appear legitimate. Strong domain authentication remains essential for securing communication across customer and operational touchpoints.
AI is also accelerating change across the retail ecosystem, creating new pressure on security controls. Recent research studies show that the vast majority of retailers in the region already use AI solutions across parts of their operations. This rapid adoption improves customer discovery and personalisation, while giving attackers new opportunities to imitate trusted brands at scale.
Kenan Abu Ltaif, Regional Lead Middle East and Turkey, Proofpoint, said, ” Retailers in the UAE have made steady progress in strengthening their email authentication posture, with most now publishing DMARC records to secure customer communication. But the low number of domains enforcing the recommended reject policy shows that gaps still exist. As shoppers rely heavily on email during White Friday and the holiday season, strong authentication becomes essential for blocking fraudulent messages that imitate trusted brands. Retailers that enforce DMARC at reject protect not only their customers but also their own reputation at a time when AI tools give attackers new ways to craft convincing impersonation attempts.
Proofpoint recommends that retailers review their domain authentication policies and enforce DMARC at reject to reduce the risk of unauthorised messages passing as legitimate communication. Consumers can also improve their safety by visiting trusted websites directly, validating offers at checkout, using strong, unique passwords, and enabling multi-factor authentication.
