Zerodha rediffmail blocked email deliverability Kite password reset email provider restricted cyberattack

Why Zerodha blocks Rediffmail email IDs

From WebNotes, a public knowledge base. Last updated 20 June 2026. Reading time ~9 min.

Key facts

What is blocked	Registration with a Rediffmail email ID, and Kite password reset by email for accounts already on Rediffmail
Reason one: security	Zerodha has observed an increase in cyberattacks targeting Rediffmail accounts
Reason two: deliverability	Emails Zerodha sends are frequently not delivered to Rediffmail addresses, breaking critical communication
The error you may see	The e-mail provider (rediffmail.com) you are using is restricted. Try SMS
The fix	Reset the Kite password via SMS if needed, then change the registered email to Gmail, iCloud or Yahoo

Zerodha restricts Rediffmail email IDs for two documented reasons: it has observed an increase in cyberattacks targeting Rediffmail accounts, and emails it sends are frequently not delivered to Rediffmail addresses. Because every contract note, statement, OTP and alert reaches you by email, a provider that drops or bounces those messages is a compliance and security problem, not a minor inconvenience. New registrations on Rediffmail are not accepted, and existing Rediffmail accounts are blocked from resetting the Kite password by email.

If you try an email-based Kite password reset on a Rediffmail-registered account, you see the message “The e-mail provider (rediffmail.com) you are using is restricted. Try SMS.” That error is the security side of the rule: Zerodha blocks email password resets for Rediffmail IDs because of the elevated cyberattack risk and routes you to an SMS reset instead. This guide sets out both reasons, the exact SMS-reset steps, the providers to switch to, and why the resolution is to change the email rather than to contest the block.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Reason one: cyberattacks on Rediffmail accounts

Zerodha has observed an increase in cyberattacks targeting Rediffmail accounts. Because the registered email is the recovery channel for the trading login, a compromised email mailbox is a direct route to compromising the trading account: an attacker who controls the inbox can intercept a password-reset link and take over Kite . To cut that path, Zerodha restricts Rediffmail-registered accounts from resetting the Kite password by email, which is the specific function an attacker would abuse. The restriction is a control on the highest-risk action, not a blanket lockout of the account.

This is the same logic behind Zerodha’s other login-security signals, such as the alert it sends when you log in from a new device or a different city or IP . The provider-level Rediffmail block sits in the same family of measures described in Zerodha cyber security : reduce the surface an attacker can use to hijack the account through a weak email link.

Reason two: email deliverability

The second reason is operational. Emails Zerodha sends are frequently not delivered to Rediffmail addresses. Zerodha sends all important communication by email, the contract note , the consolidated account statement , margin notices, and KYC and corporate-action messages, so an address that silently drops or bounces those emails leaves you uninformed about your own account. When a provider repeatedly fails to accept a sender’s mail, the sender’s deliverability reputation also degrades, which pushes mail handlers to junk or reject the sender’s future messages to other recipients too. Restricting a chronically undeliverable provider protects the whole mail stream, not just the single account.

A Rediffmail user therefore faces a quiet failure mode: the account looks fine, but the messages that should reach it do not arrive. That is worse than a visible error, because you only discover the gap when you go looking for a statement that never came.

The error and the SMS password reset

If you attempt to reset your Kite password by email on a Rediffmail-registered account, Kite returns “The e-mail provider (rediffmail.com) you are using is restricted. Try SMS.” Reset the password by SMS instead, following these steps:

Visit Kite.
Click “Forgot user ID or password?”
Enter your user ID and PAN and select SMS.
Enter the Captcha and click Reset.
Enter the OTP received and click Continue.
Enter and repeat the new password and PIN and click Save.

If your registered mobile number is on DND, the OTP SMS may not arrive; clear DND for transactional messages or confirm the number is active, then retry. For the full password-recovery flow, see How to recover your Kite password .

The fix: switch to a deliverable provider

The lasting resolution is to change the registered email to a provider with reliable delivery, such as Gmail, iCloud or Yahoo. The point is not the brand but the deliverability: Zerodha’s emails must land in your inbox without bouncing or being dropped, so that contract notes, statements and security alerts reach you. Update the email through Console; the full procedure, including the verification Zerodha runs on the new address, is in How to change your registered email on Zerodha .

Because the block is a property of Rediffmail rather than of your individual account, raising a support ticket to “unblock” the address will not resolve it; switching the email ID will. After you switch, confirm that a test communication from Zerodha arrives, and if you are still not receiving emails, work through How to fix not receiving emails from Zerodha , which covers spam filtering and whitelisting on the new provider.

External references

References

Zerodha support, Why Zerodha does not allow Rediff email IDs for registration (cyberattacks targeting Rediffmail accounts; emails frequently not delivered; as of 21 June 2026).
Zerodha support, The e-mail provider (rediffmail.com) you are using is restricted. Try SMS (Kite password-reset error and SMS-reset steps; as of 21 June 2026).
Zerodha security page on login alerts and account-protection measures (as of 21 June 2026).
SEBI requirement that brokers deliver contract notes, statements and account communications to the client’s registered email, which a chronically undeliverable provider defeats.

WebNotes Editorial Team prepares factual reference material based on publicly available regulatory documents and broker disclosures. WebNotes is not affiliated with Zerodha Broking Limited. Procedures and provider lists are subject to change; verify current requirements at support.zerodha.com before acting.

Frequently asked questions

Why does Zerodha block Rediffmail email IDs?

Two reasons. Zerodha has observed an increase in cyberattacks targeting Rediffmail accounts, so it restricts email-based password resets for them. And emails Zerodha sends are frequently not delivered to Rediffmail addresses, which breaks the critical communications that must reach you.

What does 'The e-mail provider (rediffmail.com) you are using is restricted. Try SMS' mean?

It appears when you try to reset your Kite password by email on a Rediffmail-registered account. Because of cyberattack risk, Zerodha blocks email password resets for Rediffmail IDs and asks you to reset via SMS instead, then change your email provider.

How do I reset my Kite password if I am on Rediffmail?

Visit Kite, click Forgot user ID or password, enter your user ID and PAN and select SMS, enter the Captcha and click Reset, enter the OTP received and click Continue, then enter and repeat the new password and PIN and click Save.

Which email providers does Zerodha recommend instead?

Switch to a provider with reliable delivery such as Gmail, iCloud or Yahoo. The key requirement is that Zerodha’s emails, the contract notes, statements and alerts, actually reach your inbox without bouncing or being silently dropped.

I already have a Zerodha account on Rediffmail. What should I do?

Change your registered email to a deliverable provider so communications and security work properly. You can update the email through Console; if you also need to reset the Kite password meanwhile, use the SMS route rather than email.

Is the block specific to my account or all Rediffmail IDs?

It applies to Rediffmail as a provider, not to your specific account. The restriction reflects the security and deliverability record of Rediffmail addresses generally, so switching the email ID, not raising a ticket about your account, is the resolution.

What if I do not get the SMS OTP during the reset?

If your registered mobile number is on DND, the OTP SMS may not arrive. Deactivate DND for transactional messages or check that the number is active, then retry the SMS reset. Once in, change the Rediffmail ID to a deliverable provider.

Reviewed and published by

WebNotes Editorial Team

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Last reviewed: 20 June 2026
Conflicts of interest: WebNotes is independent. No relationship with any broker, registrar or bank named in this article.