Last year, Yahoo Mail took the controversial step of deactivating some of its oldest email accounts and making the newly freed addresses available to new subscribers. Despite promises that the recycling effort would be handled “safely and securely” thanks to monitoring efforts and new filtering technology, a number of emails still wound up in the wrong hands. Recipients of recycled Yahoo email addresses reported being able to access the previous owner’s Facebook accounts — a terrifying prospect considering how much personal information can be found in our Facebook accounts.
Since then, both Facebook and Yahoo have been working on a solution to this very serious privacy problem. Their solution, as reported by Wired, is a new email protocol called RRVS (Require recipient valid since). RRVS allows Facebook to add a time stamp to password recovery messages that tells Yahoo the last date Facebook verified that the email address matches up with an account on the site. If the address has been changed since, the password recovery email won’t be sent.
The new RRVS protocol should help mitigating some of the problems of email address recycling, especially if other sites adopt it as well. But don’t expect the RRVS to be a magic bullet. Recycling email addresses is still bad practice. Plenty of messages will still wind up going to the wrong people, even if large corporations adopt RRVS.
If you currently have a Yahoo account, you’ll want to make sure you continue to sign in to it regularly to avoid it being recycled to a new owner. You should also avoid using it as a login for anything sensitive, including online banking, social networking and e-commerce sites. If you don’t have a Yahoo email account, I’d recommend you not start now – stick to Gmail, Outlook or one of the many other email providers that doesn’t risk its users’ privacy through recycling.
[Email security via Shutterstock]