Jun 21, 2013

Yahoo Is Recycling Email Addresses

UPDATE: 6/25/13

According to a recent statement by Yahoo, they’ll spend thirty days hard bouncing inbound traffic to any email address they plan to recycle on August 15th. That means you could see higher bounce rates on your list starting July 15th. Just so you know, many ISPs recycle dormant accounts into spam traps, and we’ve always assumed they bounced those addresses for six to twelve months beforehand. In light of Yahoo’s announcement, we may have to re-think that assumption.

Yahoo is freeing up accounts that have been inactive for a year or more. The old emails, contacts, and all associated data will be removed, and Yahoo will open up those account IDs for new users.

If you want to keep your Yahoo account, you must log in by July 15th or it’ll be gone forever. If you want to sign up for someone’s old account, you can put your name on a waiting list around the same time. You’ll find out by mid-August if you got the Yahoo address you’ve always wanted.

More than a few security-minded folks are kind of upset about this, and they might have a good point.

What’s the Big Deal?

A lot of paranoid geeks like myself don’t sign up for online services with the same email address they give to friends and family. In fact, I have several email accounts I use to sign up for a range of services from iTunes to some random news blog. You know, because I had to comment on that maple syrup theft. Had to.

Let’s say I signed up for Amazon with one of these Yahoo email addresses. Except, I never actually sign in to this address and check its email. Let’s then assume that I accidentally saved my credit card info in my Amazon account. I’m usually too paranoid to ever do that, but it could happen. With a little password reset magic, the person who now has the Yahoo account I never log in to can order anything they want off of Amazon with my credit card.

Nasty, right? But wait, there’s more! Let’s say I did use that Yahoo account for a while, and I sometimes emailed my coworkers. Then, one of my coworkers moved to a large competitor. It might seem crazy, but that former coworker could get my old Yahoo account and pretend to be me. Who knows what kind of sensitive information my current coworkers would send out if asked?

So that’s the big deal, and that’s why a lot of security people are getting riled up. In many ways, this reminds me of Y2k. Was it a real problem? Yes. Was it worth the hype? Apparently not.

Be Careful What You Wish For

If you’ve ever given out a fake phone number, you may’ve wondered who ended up getting harassed on your behalf. Well, people give out fake email addresses all the time, and I never worry—er, I mean, those people never worry about who ends up getting spammed.

Do you really want to be on the receiving end of john@yahoo.com? Worse yet, do you want asdf@yahoo.com or 123@yahoo.com? These are addresses anyone could stumble upon when they’re giving out a fake email address.

Check Your List

As an email sender, it’d be easy for a few addresses like john@yahoo.com to end up on your list. Maybe the address was live at one point, but now it’s just dead weight on your list. It never opens or clicks, but it’ll also never unsubscribe or hit the spam button. Well, hold on a minute.

If someone reclaims that address and you continue to send, they could very well hit the spam button. After all, they didn’t subscribe to your list. They didn’t opt-in at all.

If you don’t perform regular list maintenance, let me suggest you start. It wouldn’t be a bad idea to segment out any inactive Yahoo addresses.

If you do want to segment:

To capture all the possible Yahoo addresses that might have wandered onto your list, you’ll need to remember a few extra domains. It would also help to use the format "yahoo." in order to catch yahoo.com and yahoo.fr (france).

  • yahoo.com
  • ymail.com
  • rocketmail.com

For example: