If you are using an insecure HTTP connection and unreliable communication channels (for example, public access points) for Internet access, information from your mailbox (personal correspondence, passwords, phone, and credit card numbers, etc.) may be intercepted by intruders.
Yandex.Mail uses HTTPS protocol to protect your mailbox. It provides security and confidentiality by encrypting your personal data before sending it to the server. HTTPS protocol is supported by all modern browsers.
To reduce the risk of data loss, use only reliable communication channels for Internet access which provide a secure HTTPS connection. If, for some reason, your Internet provider does not support this protocol, switch to a more reliable ISP.
If, while working in a network, you find that the safe HTTPS-connection is disabled, contact your system administrator to find out the causes for this and eliminate them.
DKIM (Domain Keys Identified Mail) is an email sender verification technology which adds a digital signature associated with a domain name. This signature confirms that the message has not been intercepted and modified after being sent from the sender's mail server.
The digital signature is designed to prove email authenticity and protects against spam and phishing. Messages are provided with a digital signature on the mail server of the email sender. The sender cannot add the signature themselves, unless they are the administrator of the server from which the email is being sent.
If you are reading messages and see a grey mark in the From field stating Digital signature invalid, you should treat the contents of the message cautiously.
To correctly display the digital signature, DKIM technology support is required from both parties (not just from the email recipient, but also the email sender). For this reason, invalid signatures from “honest” senders may raise a false alarm.
If you are completely confident about the sender and still see the invalid digital signature message, just ignore this alert. You can also contact Support at the sender's mail service to prevent the alert from causing false alarms in the future.
A confirmed mobile phone number is required to recover your password or receive notifications. If you forget your password, you can specify your phone number to receive a recovery code in SMS.
You can add your phone number on the Phone numbers page. Enter the number and click Add To confirm your number, enter the code sent in the SMS to your number and your Yandex password, and then click Confirm.
The phone number should be entered using the following format: +7 YYY XXXXXXX, where +7 is the code for Russia, YYY is the code of your operator, XXXXXXX is the seven-digit number. For example: +7 123 456 78 90.
Phone numbers are temporarily blocked after confirmation is sent. Wait for the SMS with the code and complete the confirmation procedure. If you do not receive the message, try requesting it again some time later.
If you are trying to do something with the main phone number, just continue: For security reasons, Yandex sends electronic messages and SMS notifications about all operations.
If notification arrives unexpectedly, it means that someone has got access to your account. Do not be afraid: access can be easily restored automatically by means of the main phone number. Without access to your telephone, the intruder will only be able to delete or change the connected number after 30 days. During this time you will be able to do the following:
Restore access to the account and change the password.
Follow the link Forgot your password? and then follow the instructions in Yandex.Passport: get the recovery code and set a new password (when thinking about the password, consider our guidelines).
If you delete or change the main telephone number, the operation can be undone on the page Phone numbers.
To open the session history, click the Last username link at the bottom of the page (if the last change to the mailbox was made more than 15 minutes ago) or Session history (if less than 15 minutes have elapsed since the last modification).
You can also view the log from the menu Settings → Security.
The log shows your current IP address and other IP addresses under which you recently logged into this mailbox. All of the log's historical data is grouped by dates.
To view detailed information for any day from the list, click the link with the date. The list displays the time of the action, the IP address of the device from which the change was made, and the name of the action.
Yandex.Mail regularly detects dangerous and scam websites and scam mail, and marks suspicious messages with a special alert.
See Internet scams (phishing) for more detailed information about fraudulent practices.