This article was published on July 15, 2013

Yahoo starts resetting IDs of inactive accounts, lets you build a wish list of five usernames for August release


Yahoo starts resetting IDs of inactive accounts, lets you build a wish list of five usernames for August release

As planned, Yahoo today announced it has started freeing up Yahoo IDs like emil@yahoo.com that have been inactive for at least 12 months so users like thisismythrowawayaccount@yahoo.com can finally get a useful email address. The company gave users just over a month to login if they hadn’t in the last year, and now it has launched a “wish list” for those interested in getting a new name.

Here’s how it works. Head to wishlist.yahoo.com and enter up to five usernames, in order of most wanted to least wanted. Then enter your current Yahoo email address. Hit the Submit button and you’re good to go:

yahoo_wishlist

When you’re done, you should get the following message:

If you’re first in line for a username, we’ll email you a link to claim it in mid-August, 2013. After that, you can add usernames to a watch list so you’re the first to know when they become available.

Curiously, you can fill out this form as many times as you want. It’s not clear if doing so will overwrite your last submission or not, but we’d guess that it probably does.

If your first choice isn’t available, Yahoo will work its way down your list. Next month, Yahoo will send out emails letting its users know which of their picks is available, with a link for claiming them within 48 hours.

For those who haven’t used their Yahoo account in ages, Yahoo IDs are not only for your email: they also tie your customizations and preferences to other Yahoo properties, including looking up content such as sports information, weather, and news. Email is the most important though, and as we noted in our coverage previously, this is a very enticing deal for spammers and other criminals who can make a killing by hijacking such addresses.

Yahoo is addressing some of that today by announcing plans to work with partners, like e-commerce and social networking sites, to identify that a different person is the new owner of a given Yahoo username, and the previous one isn’t anymore. Each of these parties will have their own rules for determining age requirements for the receiving account.

To communicate to another site that a username has a new owner, Yahoo will allow them to “ask” for a new type of validation when sending an email to a specific user. The field, which can be requested via an email’s header is called “Require-Recipient-Valid-Since,” a new standard being published with the IETF.

Facebook helped Yahoo with this initiative, and here’s how the verification method will work with the social network:

If a Facebook user with a Yahoo! email account submits a request to reset their password, Facebook would add the Require-Recipient-Valid-Since header to the reset email, and the new header would signal to Yahoo! to check the age of the account before delivering the mail. Facebook users typically confirm their email when they sign up for the service or add new emails to their account, and if the “last confirmed” date that Facebook specifies in the Require-Recipient-Valid-Since header is before the date of the new Yahoo! username ownership, then the email will not be delivered and will instead bounce back to Facebook, who will then contact the user by other means.

Criminals will nevertheless look for ways to exploit this new header, but will probably mainly focus on sites that haven’t implemented it yet. Thankfully, even Yahoo expects that “a very small percentage” of its users had an active email address with the company that had a “short, sweet, and memorable” ID that could be re-used.

Top Image Credit: Justin Sullivan/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with