Proofpoint research shows reject-level DMARC enforcement among Saudi Arabia’s top travel sites has risen from 30% to 45% year-on-year
Riyadh : As Saudi Arabia’s travel sector enters its biggest domestic tourism season on record, new research from Proofpoint reveals 100% of the Kingdom’s top 20 online travel sites have now published a DMARC (Domain-based Message Authentication, Reporting and Conformance) record, up from 95% in 2025, reflecting rapid progress across one of the region’s fastest-growing digital travel markets. Reject-level DMARC enforcement among the Kingdom’s top 20 online travel sites has risen from 30% in 2025 to 45% in 2026, a 15-percentage-point improvement in a single year.
The findings are based on a DMARC analysis of Saudi Arabia’s most visited online travel sites. DMARC is the email security standard that determines whether a fraudulent email impersonating a brand ever reaches a traveler’s inbox. At its most effective ‘reject’ setting, it stops those emails from reaching recipients.
The improvement comes at a critical moment. Saudi Arabia is the largest and fastest-growing travel and tourism market in the Middle East, with the sector contributing USD 178 billion to the Kingdom’s GDP in 2025 and growing at nearly twice the global average rate. As that growth drives higher volumes of digital interactions between consumers and travel brands, the risk of email fraud targeting travelers rises with it.
This year’s analysis shows 45% of Saudi Arabia’s top travel sites are now operating at reject level. While encouraging, it also means 55% are not, leaving more than half without full email fraud protection during one of the busiest booking periods the Kingdom has seen.
Key findings in Saudi Arabia:
- 100% of Saudi Arabia’s top online travel sites have now published a DMARC record, up from 95% in 2025. The 2026 list reflects an updated ranking of the Kingdom’s most visited travel platforms, with more international booking sites entering the top 20.
- 45% are now operating at reject level, the only enforcement setting that actively blocks fraudulent emails before they reach travelers.
- 55% have yet to reach reject level, meaning customers, staff, and partners remain vulnerable to receiving fraudulent emails impersonating these brands.
Abdullah Aljandal, Country Manager, Saudi Arabia at Proofpoint, said: “The scale and pace of Saudi Arabia’s tourism growth are creating enormous opportunities across the sector, but they also increase the importance of securing digital customer interactions. As booking volumes rise during the summer travel season, cybercriminals will continue exploiting trusted travel brands to target consumers through phishing and impersonation attacks. Stronger enforcement across the remaining organizations will play an important role in reducing exposure to fraudulent emails and protecting consumer trust as the market continues to scale.”
How travelers can protect themselves from travel scams:
While travel brands work toward full DMARC enforcement, travelers can take steps to protect themselves:
- Use strong passwords and enable multi-factor authentication on all travel accounts and booking platforms.
- Be cautious of deals that seem too good to be true. Criminals build convincing fake sites for airlines, hotels, and booking platforms. Always book through official sites or verified agents.
- Treat urgent emails with skepticism. Fake booking confirmations, payment requests, and flight change alerts are common tactics. If in doubt, go directly to the brand’s official website.
- Do not click links in unsolicited emails. Type the website address directly into your browser instead.
- Research before you pay. Check independent reviews and verify the legitimacy of any travel platform before entering payment details.
