Yahoo Responds To Recycled Email Security Problem

Yahoo will launch a Not My Email button to return old account-holders email and help former users reclaim their accounts.

10 Ways To Fight Email Overload (click image for larger view and for slideshow)
Yahoo announced late Tuesday night that the company plans to roll out a tool for recipients of recycled email accounts to return messages that were not intended for them.
InformationWeek
reported Tuesday on three Yahoo users who began
receiving emails containing personal information
intended for the former user -- including bank and wireless account information -- after signing up for a recycled Yahoo account.
The new button
, called Not My Email, will roll out this week and will be found under the Actions tab in users inboxes. The button will help users of recycled accounts train their inboxes to recognize which email is intended for them and which is not, eventually rejecting email before the user has read it.
Yahoo said it also plans to help to users who have lost their Yahoo account due to inactivity. These steps include outreach to users by phone and email and extending the grace period for inactive accounts.
[ Some Yahoo users got more than they bargained for. Read more:
Yahoo Recycled Emails: Users Find Security Surprises
. ]
In a statement to InformationWeek, a Yahoo spokesperson said that users of inactive accounts will be notified one month in advance via their Yahoo Mail account, alternate email address and SMS if their account is subject to being recycled. If they dont activate their account within the next 30 days by logging into any Yahoo property, the email account will be scrubbed and everything deleted.
We will then bounce emails to it and after a period of time open it up for anyone to register for, the spokesperson said. At that time, the earlier account owner could try to register for it -- but their content wouldnt be in there. Alternatively, if someone else registers the account, the earlier account owner could go to
watchlist.yahoo.com
and pay $1.99 to get put on the watchlist for that name and 4 others.
According to Dylan Casey, Yahoos senior director of platforms, the company monitored systems for claims about mistaken deliveries and were able to identify the problem with some of the accounts. The email bounce method, he said, was insufficient for senders to see that the email was no longer valid. Casey maintained that the email problem has affected only a small number of Yahoo users.
Casey also said that Yahoo is continuing to look into its Require-Recipient-Valid-Since protocol, a header that senders add to emails to check the age of the account before delivering a message. The company said it is reaching out to businesses such as Amazon, eBay, PayPal and Walmart to target emails to current users instead of the former account holders.
Yahoos initiative to free up dormant accounts began in mid-June when the company first
announced its plan
. Yahoo said it would alert users who had been inactive for at least 12 months and instruct them to login to their accounts if they wanted to keep them. Accounts that remained dormant would be recycled and up for grabs.
In July, Yahoo opened up a
wish list
where users could name their top five choices for a username. In August, Yahoo contacted them if one of their IDs was available and sent them instructions to claim it within 48 hours. Almost immediately, privacy advocates and security analysts criticized Yahoos initiative.
A Yahoo user cited in
InformationWeeks story
reported that the emails he received would allow him to log into the former accountholders Pandora and Facebook accounts. He also knew the users name, address, phone number, the last four digits of the users social security number and where the users child goes to school.
The other Yahoo users reported similar experiences: They received email receipts from Nordstrom, timecards that detailed mileage reimbursements, airline confirmations and an apartment application confirmation.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Yahoo Responds To Recycled Email Security Problem