Proofpoint Analysis: UAE Travel Sector Bolsters Email Security as Summer Booking Season Peaks

June 8, 2026

As UAE travelers return to booking with renewed confidence after months of regional disruption, new research from Proofpoint reveals that the country’s travel sector has made meaningful progress in protecting consumers from email fraud. DMARC (Domain-based Message Authentication, Reporting and Conformance) adoption among the UAE’s top 20 online travel sites has risen to 95% in 2026 from 85% in 2025, reflecting a sector increasingly aware of its responsibility to secure communications with customers.

This improvement comes at a critical moment. With UAE airspace fully restored after earlier disruptions, flights across the region are moving in both directions again. Residents who deferred travel plans during the months of disruption are now booking, and international visitors are returning. As that surge in online booking activity builds ahead of summer, it brings with it a higher risk of email fraud targeting travelers.

DMARC is the email security standard that determines whether a fraudulent email impersonating a brand ever reaches a traveler’s inbox. At its most effective ‘reject’ setting, it stops those emails entirely.

This year’s analysis shows 45% of the UAE’s top travel sites are operating at reject level. While encouraging, it also means 55% are not, leaving more than half of the country’s most visited travel platforms without full email fraud protection during one of the busiest booking periods of the year.

Key findings in the UAE:

95% of the UAE’s top online travel sites have published a DMARC record, up from 85% in 2025, a 10-percentage-point improvement in a single year.
45% are now operating at reject level, the only enforcement setting that actively blocks fraudulent emails before they reach travelers.
55% have yet to reach reject level, meaning customers, staff, and partners remain vulnerable to receiving fraudulent emails impersonating these brands.

Kenan Abu Ltaif, Regional Lead, Middle East and Turkey at Proofpoint, said: “The UAE travel sector has shown real resilience this year, and it is encouraging to see that extending to how brands protect their customers online. As travelers return and booking confidence rebuilds, the industry has a clear responsibility to ensure that trust is not undermined by fraud carried out in its name. The progress is real, but moving to reject-level enforcement remains the most direct action a travel brand can take to protect its customers and its reputation at the same time.”

How travelers can protect themselves from travel scams:

While travel brands work toward full DMARC enforcement, travelers can take steps to protect themselves:

• Use strong passwords and enable multi-factor authentication on all travel accounts and booking platforms.
• Be cautious of deals that seem too good to be true. Criminals build convincing fake sites for airlines, hotels, and booking platforms. Always book through official sites or verified agents.
• Treat urgent emails with skepticism. Fake booking confirmations, payment requests, and flight change alerts are common tactics. If in doubt, go directly to the brand’s official website.
• Do not click links in unsolicited emails. Type the website address directly into your browser instead.
• Research before you pay. Check independent reviews and verify the legitimacy of any travel platform before entering payment details.