Yandex Mail mailbox security

Yandex Mail takes multiple measures to protect your messages. The service verifies the sender's identity, works only via a secure HTTPS connection, and saves the history of all mailbox actions in the log.

  1. Sender verification
  2. Session history
  3. HTTPS support

Sender verification

Yandex Mail verifies the sender's identity by their DKIM (Domain Keys Identified Mail) digital signature. If the email has a digital signature, it means that it was not intercepted and changed after it was sent from the mail server. Only the administrator of the server from which the message is sent can set the signature.

If you see the or icon to the left of the sender's address, it means that the digital signature of the email is incorrect. Treat its contents with caution.

For successful verification, DKIM technology must be supported by both parties — the recipient and the sender. Otherwise, the check may show an untrusted signature message in the email from an honest sender.

If you are completely confident about the sender and still see the untrusted digital signature message, ignore this alert. You can also contact support at the sender's mail service to prevent the alert from causing false alarms in the future.

Messages are displayed with the wrong digital signature in Yandex 360 for Business

What icon and pop-up message do you see?

Sender data is most likely falsified

Most likely, the DKIM signature and SPF record are not configured on your domain. To set them up correctly, follow the instructions in Help for Yandex 360 for Business:

Sender may not be trustworthy

Most likely, the DKIM signature and SPF record are not configured on your domain. To set them up correctly, follow the instructions in Help for Yandex 360 for Business:

Note. After you configure the SPF record and DKIM signature, some email may still show the icon. This is due to various reasons, such as forwarding, importer or mail alias.
Trusted domain (domain.com) does not match sender
Make sure that the domains specified in the FROM: field of your emails, the SPF record and DKIM signature match, including the top-level domain.
Note. After you configure the SPF record and DKIM signature, some email may still show the icon. This is due to various reasons, such as forwarding, importer or mail alias.
Trusted sender
Most likely, you started sending email from this domain only recently or users reported your messages as spam. They will be marked with the icon after some time of when there are fewer complaints about your emails.

My mailing list messages are marked with the wrong icon

If you send email and see that they're labeled with the or icon, the mailing list most likely doesn't meet the Yandex requirements for honest mailing lists.

Session history

The Yandex Mail log stores the history of changes made in your mailbox, as well as IP addresses from which you logged in to the service.

Actions that have no visual implications (such as reading previously read mail or visiting a folder) are not displayed in the log.

You may view the data for the last 7 days (about 2,000 actions).

Attention. Session history contains reference information and makes it impossible to cancel executed actions (for example, to recover deleted emails).

To view your session history, click Yandex Mail log at the bottom of the page.

You can also view the session log by going to  → All settings → Security.

The log shows your current IP address and other IP addresses under which you recently logged into this mailbox. All the data from the log history is grouped by dates.

To view detailed information for any day from the list, go to the date you need. The list displays the time of the action, the IP address of the device the change was made from, and the name of the action.

HTTPS support

If you are using an unsecure HTTP connection and unreliable communication channels (such as public wifi) for internet access, information from your mailbox (personal correspondence, passwords, phone, and credit card numbers, etc.) may be intercepted by malicious users.

Yandex Mail uses the HTTPS protocol to protect your mailbox. It provides security and confidentiality by encrypting your personal data before sending it to the server. The HTTPS protocol is supported by all modern browsers.

Attention. If possible, avoid connecting your devices to public internet access points that do not use the HTTPS protocol.

To reduce the risk of data loss, use only reliable communication channels for internet access that provide a secure HTTPS connection. If for some reason your internet provider does not support this protocol, switch to a more reliable provider.

If you find that the secure HTTPS connection is disabled when you are using a corporate network, contact your system administrator to find out why and resolve the issue.

Attention. If the HTTPS protocol is not working correctly, the problem may also be caused by viruses on your computer. If all settings are correct and the protocol is not blocked by your provider or administrator, check your computer with an antivirus.