Delhi Police officers also said they suspect “a deeper conspiracy” and registered a case of criminal conspiracy, anonymous communication and other charges under the Indian Penal Code (IPC) and the Information Technology (IT) Act.

To be sure, such email ID addresses can be created by anybody, from any location.

ALSO READ | DPS Dwarka, Amity, several other Delhi-NCR schools get bomb threats, search on

An officer involved in the investigation said the threat was sent from ‘sawariim@mail.ru’, an ID with a domain based in Russia, but the user may have bounced the email off a series of IDs to keep their own IP (internet protocol) address hidden. “It’s likely the IP addresses may be associated with a VPN and establishing the person’s connectivity will be a challenge. We will seek Interpol’s help by sending it a Demi Official (DO) letter, seeking the details of the person who signed up for the email address,” said the officer.

“We will also approach the Russian company to help us with the details of the registrant,” said the officer.

Mail.ru is the email service provided by the Russian company VK, similar to how Gmail or Outlook are email services provided by Google and Microsoft, respectively. In this case, .ru is the country code top-level domain for Russian websites, like .in is for India.

Just like with Gmail and Outlook, anybody, anywhere in the world can set up a Mail.ru account and use it to send and receive emails. It does not mean that the email originated in Russia.

This reporter was on Wednesday able to set up such an email ID within minutes.

The .ru country code was also used to send a hoax threat to The Indian School in Sadiq Nagar, South Delhi on April 12 last year.

ALSO READ | Minister Atishi’s request to parents as multiple Delhi-NCR schools receive ‘bomb threats’

To know where the hoax email originated, Indian law enforcement agencies will have to approach the Russian company for details about the sender’s account.

The level of cooperation that the company offers will depend on India’s bilateral treaties with Russia about exchanging information for crime solving, and on how much information the company stores about its users and their email accounts.

VPNs allow users to mask their IP addresses online.

They reroute a user’s request to a website (like Google.com) or online service through a server located in a third country, replacing the user’s location and IP address from the service provider (Google.com in this case) with the VPN server’s, making it harder if not impossible for law enforcement agencies to track down perpetrators of online crimes.

Between November 2022 and May 2023, three schools in Delhi received at least five hoax threat emails. Two schools received two such emails each, while the third school received one email.

Of the two schools The Indian School in south Delhi’s Sadiq Nagar received the first hoax threat email on November 28, 2022 from “jhonfoster@tutanota.com” and the second on April 12 from “jhonmaddison77@rambler.ru.”

“The first email ID was generated through a service provider based in Germany. The company, in its response to the investigating team, which was received through Interpol, said it did not have any stock data on the email address because it was used free of charge and not as a paid account,” said an officer involved in those investigations.“The IP address of the second email, in which the Russian service provider’s facility was used, was traced in Austria. As it was associated with a VPN, its connectivity could not be established. The two cases still remain unsolved,” said the officer.

(With inputs from Debashish Karmakar)