Russian Websites May Be Required to Use Only Local Email Accounts for User Authentication

The Russian government is currently developing the second package of measures aimed at combating cyber fraud. As part of this initiative, Russian website owners may soon be required to authenticate users solely through Russian email addresses. While a ban on foreign email addresses during user registration is already in effect, it previously did not apply to users who had already registered.

Moving forward, all Russian legal entities are expected to be mandated to use email addresses registered within the national domain zone when authenticating users on their platforms. Consequently, users will be unable to log in using accounts like Gmail.

The government might implement some exceptions, although details regarding these have not been disclosed.

A representative from Vice-Premier Dmitry Grigorenko’s office indicated that the new package will include more than ten measures, such as regulations on the circulation of bank cards, the establishment of legal mechanisms to oversee the real estate transaction market, accountability for using artificial intelligence in committing offenses, and penalties for the illegal distribution of SIM cards.

A spokesperson from the Ministry of Digital Development mentioned that it is too early to determine which specific measures will be included in the final version of the bill.

According to mobile operator Yota, the share of Russian players in the email service traffic rose to 69% from 55% in the first nine months of 2024. However, Gmail remains the most popular email service in the country, with a 19% increase in users over the past year, despite a 10% drop in user activity compared to the previous year. Yandex.Mail holds second place in popularity, with a 35% increase in its user base, followed by Mail.ru.

Marina Brik, product director at the domain business of RuCenter, notes that transitioning to Russian email services may inconvenience users, as some will need to create additional accounts within the .ru domain and set up email forwarding. The main challenge of the switch will be transferring contacts. Many websites currently allow authentication through Gmail, but under the new regulations, users will be required to provide an additional email address на.ru. Moreover, the rules for mobile applications from the App Store and Google Play will remain unchanged.

Konstantin Anisimov, CEO of the Russian cloud provider AstraCloud, believes that the legal adjustments are aimed at combating fraudsters rather than targeting Gmail users. «The main issue lies with anonymous email services that enable the creation of temporary email addresses without identity verification. Fraudsters utilize such addresses to register on hosting platforms, receive verification codes, and confirm their email, allowing them to carry out fraudulent activities. When Roskomnadzor intervenes, the hosting service blocks the site, and the real contact details of the fraudster are unavailable,» he explained.

Starting June 1, a law has come into effect in Russia that prohibits employees of government agencies, telecommunications operators, and banks from communicating with citizens through foreign messaging services. This law aims to assist in the fight against fraud and will affect information aggregators, website owners reaching over 500,000 users daily, the Central Bank, government bodies at all levels, public law entities, commercial companies with over 50% state participation, members of the national payment system, state off-budget funds, and other enterprises.