Related Posts

Recycled Yahoo addresses and PII leaks

Infoweek interviewed a number of people who acquired new Yahoo addresses during Yahoo’s address recycling and reuse process. It seems that at least for some small percentage of former Yahoo users, there is a major risk of information going to the wrong people.

Read More

Yahoo now auctioning domain names

This summer Yahoo shook up the email ecosystem by publicly announcing they were recycling usernames. The shakeup wasn’t so much that they were recycling usernames, but that they did it in a way that compromised user information and account security. Any user that had an account tied to a recycled Yahoo account is at risk for having their PII leaked. Folks are still dealing with the fallout, both Yahoo and the companies who are trying to meet customer needs by sending emails and protect customer emails by not sending emails.
On top of that, Yahoo announced they’re selling off a number of domains that they’ve accumulated over the years. Some of these are pretty high value domains like webserver.com, sandwich.com and other real words.
I don’t think Yahoo used any of these domains for email, and even if they did any addresses should have bounced off years ago. Still, it does bring up some broader policy issues.
Many, many things online, from bank accounts to social media accounts to blog commenting systems treat email addresses as a unique identifier for that account. Many of these databases were developed with the underlying assumption that people wouldn’t change their email addresses and that it was a static value. This wasn’t a true assumption 10 years ago and it’s certainly not true now. This mistaken assumption is a problem, and one that more and more companies are going to have to address moving forward. This isn’t about email and it isn’t about delivery, it’s about simple data accuracy and hygiene.
Companies must start thinking and addressing email address impermanence. These issues are not going away.

Read More

Yahoo releases user names

According to TechCrunch, Yahoo has started notifying people if their desired username is available. For users who asked for names that aren’t available now, Yahoo has a solution. They will be keeping wishlists for users for the next 3 years. If those usernames are abandoned and expire, Yahoo will notify people by email.
Any sender using email as an account key (either for resetting passwords or granting access) should be careful about releasing accounts to Yahoo users. Yahoo has established a new header type (Require-recipient-valid-since, currently going through the IETF standards process) to minimize the chance that the wrong people get access to other accounts tied to a recycled mailbox.
For those of us who didn’t put in some addresses we, too, can create username wishlists, we’re just going to pay $1.99 for the privilege.

Read More