Blog
العودة إلى الصفحة السابقة

Taqdeer - The growth of email servers in the GCC

25 أبريل 2024
Email Server Daily Groth in tTe GCC by Edge Group

By Rudy Guyonneau, PhD Director of Research

The most common truism in cybersecurity might be that “cyberspace is growing constantly” and, with it, that “the threat landscape is everchanging, consistently expanding and adapting”. A natural consequence of the digital transformation through which businesses, and people, are connecting, and where threats evolve to take advantage of new products emerging on to the marketplace. This statement is certainly true. It is also anxiety-inducing, since it tends to consign us, cyber operators, to the spectator’s seat.

Anxiety, as well as fear, are best dealt with by naming. That is, by making the unknown, known. It is no coincidence that science starts with measuring things. The Taqdeer initiative at OryxLabs consists of quantifying this growth, numbering the dimensions of cyberspace to facilitate its management; “what gets measured gets managed”. 

Cyberspace is vast and complex; we will approach it piece-by-piece, with a focus on our region. As such, we are us kickstarting Taqdeer with the topic of email servers deployment across the GCC.

 

Emails servers as a marker of growth

The internet was created to allow users on different computers to exchange messages. As such, measuring the internet could well be examined by looking at email servers, which implement this very function: information exchange. Under this strong hypothesis, it becomes reasonable to assess the degree to which a given digital perimeter is growing and, in doing so, possibly gather insights on how to evaluate the level of development of a country in terms of technological progress. 

As of 29th of March 2024, the GCC region featured 354,249 email servers2 (Table below), identifying the UAE with the most email servers per capita (27.7 every 1,000 people). Monitoring these datapoints over a one-month period, we could observe a daily growth that translates to a +28% email servers per year for the region, 

  • with Kuwait trailing behind both in growth and per capita (resp. +12%, 0.7),
  • UAE (+31%), Saudi Arabia (+31%), Qatar (+28%) and Oman (+26%) in a pack of rapidly expanding digital perimeters,
  • and Bahrain (+39%) expanding aggressively (given it having the smallest perimeter to start with: 2.2k MX domains).

As a sidenote, we remark the ratio of total MX domains to MX parent domains could be an indicator of technological advancement (ratio>= 2.0), if AE and SA are assumed more advanced than the rest of GCC3.

TAQDEER


 The challenge

Attempting to measure any aspect of cyberspace represents a significant challenge, since cyberspace is essentially an opaque space, where events happen that one cannot observe without the proper tooling: said otherwise, humans are missing a “cyber-eye”.

We at ORYXLABS are attempting to fill that gap, by equipping our clients with the technological foresight, vision and mapping to support them in driving cybersecurity at scale. 

How accurate is that eye though? Answering this is not straightforward: no ground truth exists to compare it to and establish its accuracy objectively. Pioneers have to take risks though, in their attempt to blaze a trail, which take the form of reasonable assumptions. Here are ours:

  • The growth rate of email servers should be reasonably constant over time, as  there is no evidence to suggest a sudden surge, or drop, in the number of email servers found over any given day, week or month ahead.
  • The growth rate of MX domains – including subdomains – should be strongly correlated to the growth rate of their parents’, as more parent domains translates mechanically into more subdomains.
  • GCC countries can be assumed to share the same trends, at least at a coarse level, where differences would be observed at a finer resolution.

    • Fortunately, we could verify these over the time period (shown over the last 8 days in the figure below): 
     

    TAQDEER

  • [constancy] present: the overall aspect of the curves shows constancy. At a finer scale, inflections are found, but stable behavior can be observed in the alignment of day-to-day, country-specific curves (e.g. the last 3 days of SA and AE growth). Since the detection process – our “eye” – is the same as in cases of stability, the inflections can be assigned to environmental changes, to be further investigated.
  • [correlation] verified: all countries are found going along the diagonal, where the increase in MX parent and total domains is the same (especially SA and UAE). Said otherwise, no countries are consistently found moving straight up or down (more or less parents but no changes in total), nor straight right or left (more or less total with no changes in parents).
  • [consistency] explainable: most countries display similar trends, with Bahrain tending to deploy slightly more MX parent domains than MX subdomains, and Oman slightly more subdomains than parents’. Kuwait and, to a lesser extent, Qatar stand as outliers from being at the edge of statistical significance: their sudden shifts are related to unitary drops (-1) in the detected number; this can be attributed to an inherent, negligible noise in the sensor.

    •  

    Conclusion

    How much does the space of email servers grow? In the GCC region, it would grow at a rate of +28% over 2024. The number is significant, corresponding to a phase of strong technological development, which we assume is in line with regional and country-level visions and efforts4. As a consequence, the attack surface of the region will increase proportionally, highlighting the importance of cultivating cyber-awareness and governance in order to optimise budget allocation. It is more efficient to enforce proper email authentication practices upstream, than it is to patch downstream a space that is expanding faster than human efforts can keep up with.

    Is this rate stable overtime? What could explain local inflections against the baseline? How does it compare with other countries? We are only at the beginning of an ambitious, yet productive and valuable, initiative to understand and control cyberspace. Advancing step-by-step, with rigor, dedication and in cooperation with the wider cybersecurity community, will allow us to achieve our Taqdeer objective. So, let’s get going.

    -------------------------------------------------------

    1 In Arabic, “quantifying”.

    2 Defined as MX servers found on main and sub-domains.

    3 QA as an exception, since it can be assumed to be technologically advanced, yet features a ratio below 2.0.

    4 Comparatively, more mature countries, such as the USA for example, would be expected to have flatter rates.

    السابق