Under Marissa Mayer, Yahoo! has been making many changes to its services. Most of these have been welcomed by users and commentators, however one recent change is a definite cause for concern.

Over the summer, Yahoo! announced it will begin recycling usernames and email addresses it considers to be ‘dormant’. This means users who are not actively sending email messages may find their username taken away and given to someone else.

Any user’s Yahoo! email address that hasn’t sent emails for more than 12 months is susceptible to having the service terminated and the user ID placed back into general circulation for someone else to take.

Indeed, people can even request a new user ID and have it allocated to them once the current user is considered to be no longer active.

Impact on users, and online security

Ex-users of Yahoo! may not initially be concerned about their email address and ID being recycled, however there are security and identity implications hidden in Yahoo!’s new policy.

The email address may still be used to receive emails, especially newsletters or order confirmations. The new owner will have access to future emails sent to the recycled address.

It’s common practice to make an email address the username for other online service, and inactive users may still be using their Yahoo! email address for this. Because they are not actively logging into Yahoo!, or sending emails, some users risk having a stranger take over their email address and being able to retrieve password information for other services.

An even bigger risk is spammers taking over an old Yahoo! ID, sending a flurry of fake emails, and in the process damaging the original user’s online reputation.

The dangers of recycling ID and email addresses is amplified due to the apparent inability for ex-users to reactivate an account Yahoo! has decided is dormant.

What to do about Yahoo!

Users who are concerned their old email address could be recycled should start by trying to log into Yahoo!s online services. If their ID has been given to someone else, or flagged as dormant, they will be notified

If the account is dormant then the following actions will reduce the impact and security risks:

  • Remove the email address from newsletters, order confirmations, and all other public websites it may be used.
  • Tell everyone that the Yahoo! email address they may still have in their address books is no longer valid, and they should ignore any emails coming from it in the future.

+ Stop using the Yahoo! email address as login details for online services.

Take control of your email

The recycling of Yahoo! email addresses shows again why it’s always better to create an email address on a domain the user controls.

Users who register their own domain can have confidence that their chosen email address will never be given to someone else, and they get flexibility to move their email between hosted email providers.

Choosing a suitable hosted email provider, gives individuals, and businesses, added online security, including:

  • Full control of email identity — The domain owner chooses email addresses, not the hosting provider.
  • No scanning of emails to create advertiser-friendly profiles — With a reputable hosting company, the user is the customer – not something to profiled, packaged and sold to advertisers.
  • Secure data storage, protected by UK law — Pick a hoster with UK data centres and emails are protected from foreign jurisdiction’s snooping.

Much of a user’s online, and offline identity if they are a business, is connected to their email address and anyone serious about maintaining their credibility and reducing security risks should be running email on the own domain, with a hosting company they can trust.