When Yahoo announced an email-recycling program that let users claim inactive addresses, people immediately raised security concerns–and for good reason. A small percentage of people holding recycled email addresses have received messages not intended for them, leading Yahoo to build a Not My Email button that will be released this week.
The button will let users reject emails not directed to them, but its effectiveness relies on the goodwill of users who could instead choose to do harm with personally identifiable information about the previous account holder. Yahoo had attempted to stymie concerns of identity theft with a 30-day deactivation period that unsubscribed dormant accounts from email lists and informed businesses, financial institutions, and social networks about the deactivated addresses. Yahoo hasn’t disclosed how many users have been affected, only telling TechCrunch that it was a small number.
In addition to marketing and newsletter blasts, users have reported receiving emails with sensitive information, including account numbers and PIN codes. “It started off with some stuff from catalogs and clothing companies and I thought, ‘That’s fine, I’ll just unsubscribe.’ I figured I’d have to deal with a little of that,” web developer Scott Newman told InformationWeek. “But then I started getting emails with court information, airline confirmations, a funeral announcement saying someone had just died–it was nuts.”