Answering concerns about Preview Pane

In a recent post several users expressed some concerns about the Preview Pane feature in the All-New Yahoo! Mail. I touched base with the guys from our anti-spam team, as well as those from the team that focuses more on overall security throughout the Yahoo! network, and I think I’m sufficiently equipped to respond.

First I should explain the different types of messages people would typically classify as “spam”, and what risks each kind can pose. Be advised, this is kind of confusing (I know it was for me) … but I think it’s information that, once you wrap your head around it, is VERY useful.

• Unsolicited Marketing messages – probably the most common style, these are messages promoting all types of products or services, from all types of sellers, that are sent out indiscriminately. Some senders can use images within a message to confirm that your address is active, but as long as your spam settings indicate that you block images from unknown/uncertified senders (the default setting if you are in All-New Yahoo! Mail) then previewing isn’t risky. Spammers won’t know you’ve read the message unless you respond.
• Spoof or Phishing messages – these are messages that claim to be from any one of your favorite websites (hoping you’ll click a link and/or provide personal information), or claim to be from a lottery or estate (offering untold fortunes if you send money). These are dangerous if you fall for the rouse ruse, by clicking or responding, but not to preview it. Just be sure not to click on the links, or wire your savings overseas.
• Dangerous Images or Javascript - some nefarious individuals attach or embed images, or include some unfriendly javascript, that if accessed might run some nasty program or take advantage of a security loophole in your browser. The attached or embedded image issue should be covered as long as your spam settings have you blocking images from unknown/uncertified senders (just like I mentioned in the first section). Just don’t open or download the image. Meanwhile, our systems are also scanning for known or suspicious scripting, as well as sniffing out and preventing unwanted scripts from running (kind of like neutering it). Users reduce their risk even further by making sure they have the latest security patches for their browsers (VERY IMPORTANT), which is needed to protect users whether viewing email or simply out surfing the web. An easy way to check for security updates in IE is to access the Tools menu and go to Windows Update.

Identifying spam and phishing/spoof messages typically requires collaboration from our technological defenses and human input (since in many cases it’s a judgment call on the content and many users have differing opinions on what constitutes worthwhile content), but images and Javascript are things we address uniformly (based on your image settings, of course). Just because you see some spam messages sneaking through the net you shouldn’t assume all types of spam are regularly getting through.

Combine all that, and what do you get? While there are always risks in online activity, if you combine our continuing efforts to lower the risk of email scams with your efforts to continually keep your browser up to date, you’ll probably conclude (as we have) that the preview pane is a pretty good deal.

You can close and re-open the pane at any time (using ‘v’), and can also use the checkbox feature to highlight and delete messages directly from your inbox (without opening or previewing). So all things considered, All-New Mail can be every bit as safe as Classic.

Ryan K. Community Manager Yahoo! Mail