Mail security

HTTPS support

If you are using an insecure HTTP connection and unreliable communication channels (for example, public access points) for Internet access, information from your mailbox (personal correspondence, passwords, phone, and credit card numbers, etc.) may be intercepted by intruders.

Yandex.Mail uses HTTPS protocol to protect your mailbox. It provides security and confidentiality by encrypting your personal data before sending it to the server. HTTPS protocol is supported by all modern browsers.

Attention! If possible, avoid connecting your devices to public Internet access points that do not utilize HTTPS protocol.

To reduce the risk of data loss, use only reliable communication channels for Internet access which provide a secure HTTPS connection. If, for some reason, your Internet provider does not support this protocol, switch to a more reliable ISP.

If, while working in a network, you find that the safe HTTPS-connection is disabled, contact your system administrator to find out the causes for this and eliminate them.

Attention! If the HTTPS protocol is not working correctly, the problem may also be caused by viruses on your computer. If all settings are correct and the protocol is not blocked by your provider or administrator, check your computer with an antivirus.

Digital signature

DKIM (Domain Keys Identified Mail) is an email sender verification technology which adds a digital signature associated with a domain name. This signature confirms that the message has not been intercepted and modified after being sent from the sender's mail server.

The digital signature is designed to prove email authenticity and protects against spam and phishing. Messages are provided with a digital signature on the mail server of the email sender. The sender cannot add the signature themselves, unless they are the administrator of the server from which the email is being sent.

If you are reading messages and see a grey mark in the From field stating Digital signature invalid, you should treat the contents of the message cautiously.

To correctly display the digital signature, DKIM technology support is required from both parties (not just from the email recipient, but also the email sender). For this reason, invalid signatures from “honest” senders may raise a false alarm.

If you are completely confident about the sender and still see the invalid digital signature message, just ignore this alert. You can also contact Support at the sender's mail service to prevent the alert from causing false alarms in the future.

Mobile phone confirmation

A confirmed mobile phone number is required to recover your password or receive notifications. If you forget your password, you can specify your phone number to receive a recovery code in SMS.

Note. If you do not use a mobile phone or Yandex does not support sending SMS to your operator, you can recover your forgotten password at an additional email address or by answering a security question.

Adding phone numbers

You can add your phone number on the Phone numbers page. Enter the number and click Add To confirm your number, enter the code sent in the SMS to your number and your Yandex password, and then click Confirm.

Note. SMS delivery time depends on your network operator and usually takes several minutes (maximum delivery time is 24 hours). If you do not receive the message, try requesting it again some time later.

Possible problems and troubleshooting tips

“Invalid number format”

The phone number should be entered using the following format: +7 YYY XXXXXXX, where +7 is the code for Russia, YYY is the code of your operator, XXXXXXX is the seven-digit number. For example: +7 123 456 78 90.

“This number is blocked.”

Phone numbers are temporarily blocked after confirmation is sent. Wait for the SMS with the code and complete the confirmation procedure. If you do not receive the message, try requesting it again some time later.

The message with the confirmation code does not arrive.

Possible reasons:

  • the system has not had enough time to process the sms-message (the maximum time for message delivery is 24 hours);
  • your phone is switched off or beyond network coverage;
  • you entered an incorrect telephone number;
  • your operator is not supported by the Yandex message delivery system.
There are incoming messages about adding, changing or deleting the phone number

If you are trying to do something with the main phone number, just continue: For security reasons, Yandex sends electronic messages and SMS notifications about all operations.

If notification arrives unexpectedly, it means that someone has got access to your account. Do not be afraid: access can be easily restored automatically by means of the main phone number. Without access to your telephone, the intruder will only be able to delete or change the connected number after 30 days. During this time you will be able to do the following:

  1. Restore access to the account and change the password.

    Follow the link Forgot your password? and then follow the instructions in Yandex.Passport: get the recovery code and set a new password (when thinking about the password, consider our guidelines).

  2. If you delete or change the main telephone number, the operation can be undone on the page Phone numbers.

Attention! If your phone number is already connected to three Yandex accounts and you link it to a fourth one, this number will be automatically unconnected from the three other accounts. Messages about these operations will arrive at the email addresses of these accounts.

Session history

Yandex.Mail log stores the history of changes made in your mailbox, as well as IP addresses from which authorization was made.

Actions that have no visual implications (e.g., reading previously read mail, visiting a folder, etc.) are not displayed in the log.

You may view the data for the last 7 days (about 2,000 actions).

Attention! Session history contains reference information and makes it impossible to cancel executed actions (for example, to recover deleted emails).

To open the session history, click the Last username link at the bottom of the page (if the last change to the mailbox was made more than 15 minutes ago) or Session history (if less than 15 minutes have elapsed since the last modification).

You can also view the log from the menu Settings Security.

The log shows your current IP address and other IP addresses under which you recently logged into this mailbox. All of the log's historical data is grouped by dates.

To view detailed information for any day from the list, click the link with the date. The list displays the time of the action, the IP address of the device from which the change was made, and the name of the action.

Fraud alert

Yandex.Mail regularly detects dangerous and scam websites and scam mail, and marks suspicious messages with a special alert.

See Internet scams (phishing) for more detailed information about fraudulent practices.