Yandex is a google-like service in Russia. It’s the fourth largest search engine world wide, and also provides things like mail, online storage, DNS, etc. It’s slightly less stringent about checking accessing IP, which can be bad (if your account gets hacked, it may be less protected from geographically unlikely access) but also good (if you actually travel, or need to access it from a VPN or a remote server, they will allow you to do so, while google has a tendency to demand phone verification or just plain kick you out on the basis that you look like you hacked your own account).

Supplies:

A domain, including access to it’s DNS records.

Somewhere to access them from.

Step 1: Set up an account at yandex.com. This can be done from passport.yandex.com or by clicking “log in” and then “register” on any yandex page. It will ask you for a name, address, and phone number. If you don’t feel like supplying a recovery phone, click “I don’t have a cell phone” – it’ll be ok with that and ask you to instead supply a recovery question. Pick as strong of a password as you need to and make note of it and your recovery question(s)/answers – while they’re laxer with where you choose to access your account they are harsher than google in terms of recovery. Do not count on being able to recover from a lost password/recovery Q – it’s not totally impossible, but it’s also highly likely that it’ll be permanently lost.

Step 2: Go to domain.yandex.com. Enter your domain name in the “connect domain”. If you aren’t logged in with the account you made, you’ll be asked to do so.

Step 3: Demonstrate that the domain is yours. They provide a few options, but the easiest is probably to add a specified NS record. They’ll give you a hostname (y2a3n323a234f.yourdomain.com or something) that you’ll be asked to add as an alias (CNAME) for one of their hosts. Add it to your DNS settings, if using bind, add a “y2a3n323a234f IN CNAME the.host.they.said.ru” to the zone file, update it’s serial number so it propagates and tell bind to restart or reload (usually “service bind9 reload” (or …restart). Give it a bit to spread though the DNS network. If possible check from another perspective (such as your own machine if it’s not using the same DNS server authoritative to your domain) by looking up your CNAME (nslookup y2a3n323a234f.yourdomain.com from windows or linux prompt). Once it seems established though out that it’s there, click the button on the yandex page to tell them to look for it. If you tell it to check too soon and too many times, it will throttle you (usually tell you to wait a half hour before rechecking) so it’s worth giving it a bit to make sure it’s out there. If it throttles you, double check that you did in fact add the correct CNAME and that it’s visible and wait out your timeout. There’s no real way around this and it is necessary to avoid DNS poisoning attacks (sending out false information getting central DNS caches to temporarily misreport).

Step 4: Once they admit it’s your domain, add MX records for their hosts. They’ll tell you where, usually a few hosts like mail34.yandex.com. They’ll quote you exact MX records and priorities to add, in the vast majority of cases the recommended settings are what you’ll want (I can’t really think of a situation where they wouldn’t be).

Step 5: Set up mailboxes and/or catchall address (where to send xyzzy@yourdomain.com if there is no xyzzy mailbox). You can set up something like 1000 free, though they say if you need more or more storage, contact them – I’m not sure what they’d do or charge if you somehow needed more.

Step 6: Done. Start using. When logging in to a mailbox the first time (logout and go to the address they supply to log in with username only, or log in at mail.yandex.com with the full address (user@domain.com) and pass) they’ll ask you to enter new recovery information, name, and accept TOS for that particular address (so that if it’s not yours, the new user, too, accepts them). These sub-accounts can be recovered (or deleted, modified, etc) using the main account you used to create the domain, so that isn’t as picky. They have even less recourse for recovering from them directly though – as admin of the domain they’re considered your users/your problem if they forget their password. If you wish to use imap/pop/etc for third party clients, this can be activated in their setup screens. Some push options are available, support depends a bit on the third party client. There are mobile apps available (similar to gmail) which work as a more user friendly way to set up push notifications but with the same downsides as any third party apps.