Yandex Mail mailbox security
Yandex Mail takes multiple measures to protect your messages. The service verifies the sender's identity, works only via a secure HTTPS connection, and saves the history of all mailbox actions in the log.
Sender verification
Yandex Mail verifies the sender's identity by their DKIM (Domain Keys Identified Mail) digital signature. If the email has a digital signature, it means that it was not intercepted and changed after it was sent from the mail server. Only the administrator of the server from which the message is sent can set the signature.
If you see the or
icon to the left of the sender's address, it means that the digital signature of the email is incorrect. Treat its contents with caution.
For successful verification, DKIM technology must be supported by both parties — the recipient and the sender. Otherwise, the check may show an untrusted signature message in the email from an honest sender.
If you are completely confident about the sender and still see the untrusted digital signature message, ignore this alert. You can also contact support at the sender's mail service to prevent the alert from causing false alarms in the future.
Messages are displayed with the wrong digital signature in Yandex 360 for Business
What icon and pop-up message do you see?
Sender data is most likely falsified
Sender may not be trustworthy
Trusted domain (domain.com) does not match sender
Trusted sender
Sender data is most likely falsified
-
Most likely, the DKIM signature and SPF record are not configured on your domain. To set them up correctly, follow the instructions in Help for Yandex 360 for Business:
Sender may not be trustworthy
-
Most likely, the DKIM signature and SPF record are not configured on your domain. To set them up correctly, follow the instructions in Help for Yandex 360 for Business:
Note. After you configure the SPF record and DKIM signature, some email may still show theicon. This is due to various reasons, such as forwarding, importer or mail alias.
Trusted domain (domain.com) does not match sender
- Make sure that the domains specified in the
FROM:
field of your emails, the SPF record and DKIM signature match, including the top-level domain.Note. After you configure the SPF record and DKIM signature, some email may still show theicon. This is due to various reasons, such as forwarding, importer or mail alias.
Trusted sender
- Most likely, you started sending email from this domain only recently or users reported your messages as spam. They will be marked with the
icon after some time of when there are fewer complaints about your emails.
My mailing list messages are marked with the wrong icon
If you send email and see that they're labeled with the or
icon, the mailing list most likely doesn't meet the Yandex requirements for honest mailing lists.
Session history
The Yandex Mail log stores the history of changes made in your mailbox, as well as IP addresses from which you logged in to the service.
Actions that have no visual implications (such as reading previously read mail or visiting a folder) are not displayed in the log.
You may view the data for the last 7 days (about 2,000 actions).
To view your session history, click Yandex Mail log at the bottom of the page.

You can also view the session log by going to
.The log shows your current IP address and other IP addresses under which you recently logged into this mailbox. All the data from the log history is grouped by dates.
To view detailed information for any day from the list, go to the date you need. The list displays the time of the action, the IP address of the device the change was made from, and the name of the action.
HTTPS support
If you are using an unsecure HTTP connection and unreliable communication channels (such as public wifi) for internet access, information from your mailbox (personal correspondence, passwords, phone, and credit card numbers, etc.) may be intercepted by malicious users.
Yandex Mail uses the HTTPS protocol to protect your mailbox. It provides security and confidentiality by encrypting your personal data before sending it to the server. The HTTPS protocol is supported by all modern browsers.
To reduce the risk of data loss, use only reliable communication channels for internet access that provide a secure HTTPS connection. If for some reason your internet provider does not support this protocol, switch to a more reliable provider.
If you find that the secure HTTPS connection is disabled when you are using a corporate network, contact your system administrator to find out why and resolve the issue.