Does mail.ru have a DMARC record?

Yes. mail.ru publishes a DMARC record with policy reject.

What is mail.ru's DMARC policy?

mail.ru's DMARC policy is set to reject. This is the strictest policy, blocking unauthenticated emails.

Does mail.ru support BIMI?

BIMI status for mail.ru could not be determined.

Email authentication check

mail.ru

This check reviews the domain's email authentication setup to help protect against spoofing and phishing.

All data is public, sourced from DNS Last checked about 4 hours ago

Needs attention

mail.ru has email authentication in place, with important improvements still available.

mail.ru publishes strong public DNS records for email authentication and transport security.

86 out of 110

1 of 4 checks passed

DMARC 45 / 50 · Optional SPF 26 / 30 · Optional BIMI 5 / 20 · Failed TLS 10 / 10 · Passed

Last checked about 4 hours ago

Compare with other domains

mail.ru DMARC SPF BIMI TLS

DMARC

Optional

Domain-based Message Authentication

45 / 50

Strict reject policy enforced

DMARC record is valid and configured correctly.

_dmarc.mail.ru TXT

v=DMARC1;p=reject;rua=mailto:[email protected];

Score breakdown

DMARC record published +10
Syntax valid +5
Reject policy (maximum protection) +20
Aggregate reporting (rua) configured and verified +10
Failure reporting (ruf) not configured (optional) 0 / 5

Configuration

Policy (p): reject
DKIM alignment (adkim): Relaxed (default)
SPF alignment (aspf): Relaxed (default)
Subdomain policy (sp): Inherits p=reject

Reporting (RUA / RUF)

Aggregate reports Passed

mailto:[email protected]

External domain verification successful

Failure reports Optional

Not configured

Optional failure reporting is not configured

RFC 9989 note on p=reject

RFC 9989 cautions against p=reject for domains whose users post to mailing lists, and §7.4 requires receivers to treat p=reject as p=quarantine unless their own analysis justifies rejecting. For transactional or marketing-only domains, p=reject stays appropriate; mailbox domains should consider p=quarantine with sp=reject on non-sending subdomains.

SPF

Optional

Sender Policy Framework

26 / 30

SPF record is valid

SPF record is valid and complies with RFC 7208.

mail.ru TXT

v=spf1 redirect=_spf.mail.ru

Score breakdown

SPF record published +10
Syntax valid +5
Soft fail policy (~all) via redirect +6
No configuration warnings +5

Configuration

Default policy: ~all (soft fail)
DNS lookups: 1 / 10 max
Void lookups: 0 / 2 max
Syntax check: OK
Redirect: _spf.mail.ru

SPF redirect

valid

redirect=_spf.mail.ru

Effective policy: ~all

DNS lookup detail

Each mechanism that may trigger a DNS query at delivery time.

1 redirect: _spf.mail.ru Valid cost 0

Valid SPF record found at redirect target

v=spf1 ip4:94.100.176.0/20 ip4:217.69.128.0/20 ip4:128.140.168.0/21 ip4:188.93.58.0/24 ip4:195.211.128.0/22 ip4:188.93.59.0/24 ip4:188.93.56.0/24 ip4:128.140.170.0/24 ip4:178.22.92.0/23 ip4:185.5.136.0/22 ip4:5.61.237.0/26 ip4:5.61.237.128/25 ip4:5.61.236.0/24 ip4:5.61.239.143/32 ip4:5.61.239.144/32 ip4:95.163.216.38/31 ip4:95.163.40.8/29 ip4:45.84.128.0/23 ip4:45.84.131.224/27 ip4:45.84.130.128/25 ip4:79.137.243.64/27 ip4:79.137.242.48/28 ip4:95.163.41.64/26 ip4:79.137.241.236/30 ip4:79.137.243.128/26 ip4:95.163.54.128/26 ip4:176.112.170.128/27 ip4:176.112.169.20/30 ip4:79.137.240.228/30 ip4:95.163.63.96/27 ip4:89.221.237.128/25 ip4:95.163.59.0/25 ip4:176.112.171.128/27 ~all

Authorized IP addresses

include:_spf.mail.ru

94.100.176.0/20 217.69.128.0/20 128.140.168.0/21 188.93.58.0/24 195.211.128.0/22 188.93.59.0/24 188.93.56.0/24 128.140.170.0/24 178.22.92.0/23 185.5.136.0/22 5.61.237.0/26 5.61.237.128/25 5.61.236.0/24 5.61.239.143/32 5.61.239.144/32 95.163.216.38/31 95.163.40.8/29 45.84.128.0/23 45.84.131.224/27 45.84.130.128/25 79.137.243.64/27 79.137.242.48/28 95.163.41.64/26 79.137.241.236/30 79.137.243.128/26 95.163.54.128/26 176.112.170.128/27 176.112.169.20/30 79.137.240.228/30 95.163.63.96/27 89.221.237.128/25 95.163.59.0/25 176.112.171.128/27

BIMI

Failed

Brand Indicators for Message Identification

5 / 20

BIMI record has configuration errors

BIMI record must start with 'v=BIMI1'.

default._bimi.mail.ru TXT

v=spf1 a mx include:_spf.mail.ru -all

Score breakdown

BIMI record published +5
BIMI record valid 0 / 5
Logo URL accessible and valid SVG 0 / 5
No VMC certificate configured (optional) 0 / 5

Configuration

Logo (l): Not configured
Mark certificate (a): Not configured
Selector: default
Note: SVG content is not parsed, for safety

TLS

Passed

Transport security · MTA-STS & TLS-RPT

10 / 10

Inbound transport protection configured

mail.ru publishes both TLS-RPT reporting and MTA-STS policy records.

Score breakdown

TLS-RPT record configured +5
MTA-STS policy configured +5

Configuration

TLS-RPT: Configured
MTA-STS: Configured
TLS-RPT reporting URIs: mailto:[email protected]
MTA-STS policy ID: 20200303T120000

Transport checks

TLS-RPT (reporting) Configured

v=TLSRPTv1;rua=mailto:[email protected]

TLS-RPT record is valid and configured correctly.

MTA-STS (policy) Configured

v=STSv1; id=20200303T120000;

MTA-STS record is valid and configured correctly.

mail.ru enforces a strict DMARC reject policy, instructing receivers to block unauthenticated emails. SPF is published with a soft fail policy (~all), flagging unauthorized senders without blocking them. A few improvements would strengthen mail.ru's email authentication posture.

Keep mail.ru protected automatically

This check is a snapshot. DNS records drift when providers change, teams edit records, or unauthorized changes slip in. DMARCTrust watches the same authentication layer continuously and tells you when something moves.

DMARC report processing

Aggregate and failure DMARC reports are received, parsed, and turned into sender visibility without manual XML handling.

DNS change alerts

DNS checks run every 5 minutes for monitored domains, with email alerts when DMARC, SPF, BIMI, TLS-RPT, or MTA-STS records change.

Receiver Shield for inbound

Deploy, host, and safely enforce MTA-STS and TLS-RPT when this checker finds an inbound transport gap.

Start monitoring mail.ru View plans First checked 5 months ago

Check another domain

Run a free email authentication check: DMARC, SPF, BIMI, TLS-RPT, and MTA-STS.

Try a popular example: google.com, amazon.com, booking.com

Explore

How other domains configure email authentication

Showing domains checked by our users. All data is from public DNS records.

Popular domains

Frequently checked

Well configured

Reject policy + valid SPF

Same policy

Also using reject

What we check

DMARC policy and alignment, SPF record and includes, BIMI logo and certificate, and inbound transport security with MTA-STS and TLS-RPT.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF or DKIM from senders.

What you get

Syntax, policy, reporting validation, include analysis, alignment interpretation, and clear setup guidance for every result.

mail.ru

DMARC

Score breakdown

Configuration

Reporting (RUA / RUF)

SPF

Score breakdown

Configuration

SPF redirect

DNS lookup detail

Authorized IP addresses

BIMI

Score breakdown

Configuration

TLS

Score breakdown

Configuration

Transport checks

Keep mail.ru protected automatically

DMARC report processing

DNS change alerts

Receiver Shield for inbound

Check another domain

How other domains configure email authentication

Popular domains

Well configured

Same policy

What we check

Why it matters

What you get

Cookie Preferences

Cookie Preferences

Essential Cookies

Analytics Cookies

Marketing Cookies