Yahoo! Mail Blog
The latest scoop on Yahoo! Mail product updates, new releases, bug fixes,

Independent empirical studies done by the prestigious Fraunhofer Institute show that Yahoo! Mail is #1 in blocking malware and spam from reaching mailboxes.

We, at Yahoo! are proud about putting technology to work for our users. Under the hood, a complex system of spam filters is combing every mail coming into the system for spam signals and automatically detecting the spammers’ next steps. Every spam report counts and tells a little more about how to counteract unwanted email.

Spammers use every trick in the book to distribute millions of spam and scam emails every day – but with Yahoo! Mail, most of these messages are stopped even before they get to our users. In fact, unlike our competitors’ antispam systems, our filters flag or block greater than 99% of spam. With nearly 300 million Yahoo! Mail users worldwide, we are blocking over 120 billion spam messages every month. That’s an average of 400 blocked spam messages per Yahoo! Mail inbox per month.

And we are not the only ones who have noticed our spam-reduction efforts.

The Fraunhofer Institute, an independent research firm, found that Yahoo! Mail users saw the least amount of spam out of the five providers tested, with nearly 40% less spam than Hotmail and 55% less spam than Gmail – meaning Gmail users in the study saw more than twice as much spam as Yahoo! Mail users.

While it’s great to lead the industry with our efforts, it is just as important for us to work together to win the war against spam. As we push forward with our collaboration with anti-spam industry partners, and advance our technology efforts, we’ll continue to arm you with tools, tips and strategies to keep your inbox away from spam, phishing and online scams.

And, as always, keep reporting spam so we can make our engines work even harder to keep your inbox clean.

Read more »

I am a firm believer in the old adage ‘an ounce of prevention is worth a pound of cure’. That is why my colleagues and I write a lot of posts around online security, phishing prevention and spam. We want everyone to know how to recognize and avoid phishing emails, as well as share tips for staying safe online.

But I also recognize that even the best of us can get caught off-guard sometimes. Whether it happens by mistake or a particularly well done forgery, someday you may find yourself in the situation that you account has been phished. If you don’t realize it right away, you’ll know it when your friends start asking why you sent them an email to a strange online shop or whether or not you really are stuck in Chicago without your wallet and are in need of money.

If you do ever find yourself the victim of a phishing attack and think your Yahoo account has been compromised, here are some things you can do to help get your account back online and in your control:

Change your password immediately. If you find that your account is sending spam, and you are still able to access your account, login to your Yahoo! account and change your password. That will prevent the fraudster from entering your account again. (Tip: Also check that we have the correct alternate contact email address for you on file.)

Use our automated account recovery tool. Sometimes the hacker who stole your information changes your password so that you can no longer access your account. If that’s the case, our account recovery tool can help restore access to your account and change your password at the same time. (Tip: You will have to answer your secret questions to complete the tool. If you forgot, or haven’t set your secret questions/answers, you can do that here then click the link ‘Update password-reset info’.)

Contact our Customer Care Team. If you can’t remember or are unable to provide the information needed by the account recovery tool, you can always contact our customer care team. Have a look at our account verification help pages, and then click the ‘Contact Us’ link. They will help get access to your account.

Remember, prevention is the best medicine. So arm yourself with the knowledge to stay safe online, and make sure you are prepared in case you ever do find yourself the victim of phishing. To simplify the process and quickly regain control of your Yahoo! account, make sure you always have a current alternate contact email address, and know the questions and answers to your secret questions. You can update your Yahoo! account recovery information by logging into your Yahoo! Account.

Read more »

I get questions from users now and again, whether or not we sent an email asking for account information. The answer is always NO! (Sorry for shouting) We will never send you an email asking for your account information. This is something that I’ve written about before but it never hurts to post about it again.

Here is an example of a phishing email that I received recently:

We definitely did not send this email. This one, and others like it, all pretty much follow the same formula:

• They are sent from a strange email address (but sometimes masked to look genuine)
• They usually use a scare tactic
• They want you to reply with your account information
• They have bad grammatical errors and use crazy fonts and lots of logos.

The most important thing to know is we will never ask you for your password! Here are some other tips to protect you from phishing threats: Never click on links in emails that ask you to provide account information, go directly to the website and login from there, don’t believe every warning you read in an email. And finally, there is no Yahoo Lottery.

To coin a phrase from my all-time favorite daytime cartoon series G.I. Joe – “Now you know, and knowing is half the battle.”

Read more »

With more than 300 million Yahoo! Mail inboxes worldwide, we take our responsibility to keep you safe and your inbox free of spam, phishing and other online scams very seriously. Did you know that in 2008, Yahoo! blocked more than a billion spam messages each day?  And it doesn’t stop there. So far this year, we have reduced the amount of spam that comes to Yahoo! Mail inboxes by an additional 30 percent!

So how do we do it?  Our anti-spam efforts use a multi-faceted approach to protect your inbox including the use of enhanced technologies, industry collaboration, public policy efforts, and consumer awareness campaigns. Here’s a look at some of the latest advancements from the front lines of fighting spam:

Analytical analysis – Because spammers adjust their messages in subtle ways to evade detection, we’re using Hadoop, a supercomputer consisting of thousands of individual PCs, to look at hundreds of different elements in each message.  For example, Hadoop doesn’t just look for the word “viagra” or “v1agra” or “v.i.a.g.r.a.” to show up in the subject line, it also looks for extremely subtle signals like how many words are in the message, what time of day the message was sent, how different this message is from the last one we saw from that same sender, and so on.

The hunt is on – We welcome opportunities within both private and public sectors to eliminate spam and educate its users about phishing. For example, in 2008 we saw an increase in messages telling our users that they had “won” the Yahoo! Lottery.  Sadly, no such lottery has ever existed!  Yahoo! has formed a public-private coalition with Microsoft, the African Development Bank, and Western Union to allow victims of lottery scams to upload police reports that are used to track down these criminals and develop better ways of protecting people online, and filed a lawsuit directly targeting these criminal con-men.

Self defense – The old adage is true: an ounce of prevention is worth a pound of cure.  Through ongoing consumer education and awareness, we are able to provide you with tips and strategies to identify spam, phishing and other online scams.  Speaking of, the holiday season and “Cyber Monday”—one of the busiest e-commerce days of the year—are right around the corner.  According to the Identity Theft Resource Center, Internet fraud surges around this time because more of us are shopping online. Be careful of those deals that sound too good to be true, because they almost always are.  For more advice, be sure to check out our top tips for staying safe online and spotting online scams.  Also, check out the sidebar below for specific tips for Cyber Monday.  With a sharp eye and a little education, you can better protect your wallet and your identity this holiday season!

With Yahoo! Mail touching over 50 percent of U.S. email users, your protection online and the prevention of spam are issues that are always top of mind.  Whether it be phishing scams, lottery scams, fund transfer scams or other crimes, rest assured that we are behind the scene working diligently to protect you and your inbox. 

Happy holidays from me and my team as we protect you from spam, one message at a time.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tips for a Safe and Productive Cyber Monday!
As I mentioned earlier, Cyber Monday is almost here.  So be sure to use the following tips when you’re receiving emails from vendors on deals and bargains or shopping online at Yahoo! Shopping or any other online shopping store for that perfect gift this holiday season:

Stay updated: Make sure your anti-virus software, internet browser, and operating system are all up-to-date, to protect your computer against viruses and fraudulent websites.

Know whom you’re buying from: Make sure you understand something about the company you are making a purchase from, and be familiar with their practices and policies. While there are many perfectly-reputable online merchants, there are also scammers out there, so be wary of deals that seem too good to be true. Check out their return policies, shipping procedures, and packaging timeframe. Be comfortable with the website and confident that you are going to be protected in the event an issue arises.

Keep your password to yourself: Most websites will require a log-in to make a purchase. Create a secure and unique password, with a combination of letters (uppercase and lowercase), numbers and symbols. If you need to, it’s much better to pick strong passwords and write them down in a secure location than to reuse the same, simple password on multiple sites.

Look for the padlock: When you’re entering sensitive data – such as passwords or credit card numbers – you should always look for the locked padlock symbol at the bottom of the screen or in the web address toolbar.  If the lock isn’t there, it means the site is not securing your information and the site should definitely not be trusted (unfortunately, just because the lock is there doesn’t mean the site is legit, but if it’s not there you know something’s up)

Use your better judgment: You know better! If that Cyber Monday deal sounds too good to be true, chances are that it is. The same can be said about e-mail. While our spam filters work hard to weed out the bad from the good, never click on links in unsolicited or untrusted messages; doing so exposes you to the fraud and also encourages spammers to send more spam.

Read more »

Keeping you safe while you’re online is a top priority for us here at Yahoo!. One important part of your online safety is making sure that nobody else can access your Yahoo! Mail account without your permission, and the best way to do that is to make sure you choose a good password and make sure nobody else knows it or can easily guess it.

I know it can feel like a pain typing out a more detailed password, but none of us want to make it any easier for the bad guys.

My top advice is to be mindful of any Web page that requests your Yahoo! password. The #1 way people get their passwords stolen is by typing them into lookalike “phishing” web sites, pages that pretend to be Yahoo! or another trusted Web site but actually are run by the bad guys. Scrutinize carefully any page that requests your Yahoo! password. In addition:

• Make sure the Web page address doesn’t have any misspellings or extra words (e.g. http://www.yah000.com, http://www.yahoo-members.com, or http://www.yahoo.BadGuyEnterprises.com) in it. When it doubt, go straight to http://www.yahoo.com and log in from there.
• Be vigilant about anything that doesn’t look right on the page, such as typos, outdated content, or broken or missing pictures.
• Best idea: be sure to set up a customized “Sign-In seal” picture — instructions are at https://protect.login.yahoo.com/ — and never enter your password unless you see that picture on the page.

Here are a few more tips to help keep you safe online:

• Don’t use the same password on multiple sites. Your Yahoo! Mail account is important to you, so it deserves its own password. That way, if the unthinkable happens on another site, at least your Yahoo! mailbox remains secure.
• Never send your password over email. Yahoo! will never request your password from you in an e-mail; if you ever receive such a request, you should treat it as fraud. Do not pass “Go!” Instead immediately click the “Spam” button on that message.
• Protect yourself with a virus scanner. Another way passwords get stolen is from a virus that records your keystrokes. Don’t give the bad guys that option: There are a number of anti-virus companies that offer free versions or trial offers, including (in no particular order and with no specific endorsement implied) http://security.symantec.com , http://usa.kaspersky.com/downloads/free-virus-scanner.php, http://us.mcafee.com/root/downloads.asp?id=freeTrials, and http://www.avast.com/eng/avast_4_home.html.

Unfortunately there is no silver bullet against these criminals and con-men, but hopefully these tips will help us all keep the bad guys at bay.

Read more »

You may have heard or read about email accounts and their passwords being posted online. While I’ve read different versions of how the person(s) responsible was able to get the email account information, it was not a result of any insecurity at Yahoo! It looks to be a result of phishing attacks. Should you feel that one of your email accounts was affected by the recent publication, whether it is a Yahoo!, Hotmail or Gmail account, I would suggest changing your password as well as other account security information like secret questions and alternate email addresses.

We are aware that a limited number of Yahoo! IDs have been made public, it’s uncertain if any of those email/password combinations have resulted in any accounts being compromised. Online scams and phishing attacks are an ongoing and industry-wide issue and Yahoo! takes great effort to protect our users’ security.

We also have the following online resources that provide information and guidelines on email safety:
Our anti-spam site: http://antispam.yahoo.com/
With a phishing prevention sub-section: http://antispam.yahoo.com/phishing
Our help pages: http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse/
And of course, I’ve posted a number of articles about online safety to this blog: Spotting phishing emails, how to spot online scams, avoiding the lottery scams, and account recovery help

Here are a couple FAQs that provide additional information:
Have accounts been compromised because of this?
We are unable to confirm whether accounts have been compromised at this time. However, we strongly suggest that consumers take caution in securing their email and other online accounts by regularly changing their passwords, and updating account security information.

What do I do if I think my account has been compromised?
You should change your password immediately. Also, if you are unable to enter your account, you can take steps to recover it here: https://edit.yahoo.com/forgotroot

We take online security seriously at Yahoo! We strive to make you and your Yahoo! account as safe as possible. Of course if you have any questions or issues with your account, please contact our Customer Care team.

Read more »

There are few things more frustrating than losing access to your email – whether because you forgot your password or, worse, someone else guessed it – which is why we want to ensure that if it happens to you, the recovery process is as smooth and painless as possible. On that note, beginning this week, we’re rolling out some changes that will both improve recovery rates and make the overall Yahoo! experience even more reliable.

Here’s how it works: To help prove you are who you say you are if you ever lose access to your account, Yahoo! will now give you the option to provide additional account information such as an alternate email address and new secret questions. For US users, we will also incorporate the option to include your mobile phone number. We’ll store this information securely in your record so that if you ever lose access to your account, this data can be used to expedite the recovery process.

We’re doing this to help eliminate the headaches caused when people forget their registration details – you’d be surprised how many people can’t recall the basic information they provided when they signed up for their Yahoo! ID. In addition, with the advent of social networking and public profiles, details like your zip code or birthday may be publicly available, and we want to better protect your online experience by making sure you’re the only one who can accurately answer our account recovery challenges.

Beginning this week, after successfully logging into Yahoo! Mail, select users will be automatically redirected to a page where they will be asked to update their account with this new information. Users who wish to update their account information proactively can do so by visiting https://edit.yahoo.com/commchannel/manage. Also from now on, anyone who successfully recovers a lost or compromised account will be asked to update their information to this new standard at the end of the recovery process.

We take privacy very seriously at Yahoo!, and this is part of our overall commitment to providing a safe, easy to use, and reliable online experience. For more tips, be sure to check out our guidelines for spotting online scams and top tips for protecting your Yahoo! Mail account. You can also head over to antispam.yahoo.com for additional information on protecting yourself online.

Read more »

This month in the UK, the Office of Fair Trade is promoting their annual Scams Awareness Month. In support of their efforts, I’ve posted some scam avoidance tips on the UK Mail Blog. Since they apply just as much across the pond as they do State-side, I wanted to share them with you too. The first step in helping you to stay scam-free is to recognize the types of scams that are out there. Here are the three most common types that come in email form (which I’m sure some of you have seen before):

1. Phishing scams – These are email scams that claim to be from an organization, like a bank, and they ask you click on a link which takes you to a Website that looks real but is, in fact, fake. When you log in with your account details and password on this fake site, the bad guys gain access to your private information.
2. Lottery Scams – These are emails that tell you have won a local or foreign lottery and to get the money you have to pay processing fees and send personal details.
3. Advance fee or fund transfer schemes – These are also called Nigerian ‘419’ scams where you receive an email, often times from someone claiming to be in Africa or Asia, and claiming that they have access to huge sums of cash but need your help getting it out of the country. In this scam, the criminal offers to send you a check for $100,000 and you send him back a personal check for $90,000 and keep the difference. The scam is, of course, that the initial check is bogus but may take several weeks to clear, by which point the criminal is long gone with your money.

You know what? Your bank will NEVER ask you for a password in an email, you have NOT won the lottery and all you end up with for those huge sums is a ZERO balance in your bank account. I’ve been collaborating with our Spam Czar, Mark, and we’ve come up with these tips to help you avoid the scammers:

1. If it sounds too good to be true, it probably is – If someone stopped you on the street and said he needed your help smuggling millions of dollars out of the country, you’d be pretty suspicious. We recommend the same type of skepticism when you’re online. If you didn’t enter that Sweepstakes or Lottery, there’s no way that you won. Be extra suspicious if someone offers to send you money up front — as honest as I’m sure you are, that wealthy prince who offers to buy your iPod for 10 times its value isn’t as gullible as he seems.
2. Check the FROM line – One big giveaway is when a seemingly official message originates from a generic e-mail address. If your bank has something to say to you, it won’t come from “security_services_293@freemail.com,” and when the IRS discovers a tax error in your favor, they won’t write to you from a personal account like “charlotte.magnolia@internetonline.gr” Check the return address and make sure it looks legit (including looking for spelling errors!)
3. Beware if someone requests personal information or any payment over e-mail – Yahoo! and other respected Internet companies will never request your username or password over e-mail, and neither will your bank, credit card company, or insurance agency. If a message is asking you to e-mail your sensitive information, that’s an immediate red flag. Likewise, legitimate companies will not request money up front for you to claim a prize you’ve won.

For good measure I’m including some of the choicest scam emails we’ve seen in the recent past. By arming with yourselves with the knowledge of what scams are out there and how to avoid them, you’ll be much safer online. As always, if you do see one of these scams, please do your part and click the “Spam” button inside Yahoo! Mail – it’s the single strongest way to let us know so that we can block these terrible messages.

Read more »

I think, by now, you are all familiar with Mark, our resident anti-spam czar. If not, Mark has graced this blog a number of times before. Most recently he conducted an anti-spam workshop in addition to letting us know how we’re cracking down Lottery scams on our corporate Yodel blog. Today, he’s back with more great news on how he and his team are working to keep you safer for 2009. So without further ado, here’s Mark….

——————————————

At Yahoo!, we take spam seriously. And as I’ve told you before, we’ve got some of the smartest computer scientists in the world working to ensure Yahoo! Mail users receive all the mail they want…and none that they don’t. It’s a huge challenge and the bad guys are always out there trying to make a buck with their scams, but we’re committed to helping keep you safer online.

One way we’re turning up the heat on the spammers is by utilizing even more state-of-the-art technology. Recently, Yahoo!’s anti-spam team has been using a “supercomputer” consisting of thousands of individual PCs — part of our open source Hadoop project — to help detect spammers. We’re teamed up with several top universities on this research, looking for more ways to find and block the bad guys even faster, before they can do their damage.

We’re also out there working with partners big and small to help reduce spam across the Internet. We’ve seen some promising early results from one such company, a startup named Abaca, and our hopes are high that together we can block even more of these messages by looking at spammers’ behavior in addition to the contents of their spammy messages.

Closely related to all of this is that we need to ensure the right messages still get through, that we don’t throw out the proverbial baby with the bathwater. With the help of our friends at Return Path, we’re relaunching our Complaint Feedback Loop for commercial e-mail companies. With the CFL, legitimate companies receive notification when users mark a message as “spam,” and those companies can then use that feedback to help them fix the problems on their end. For example, a company may have used a confusing subject line, or accidentally sent to the wrong mailing list; with the CFL, we can get that information to them so they can quickly correct the problem.

As always, I’ll close with a reminder that, if Yahoo! Mail does let something slip through into the wrong folder — either allowing spam into your inbox or mistakenly putting a good message in your Spam folder — please use the “Spam” and “Not Spam” buttons to let us know. Clicking those buttons sends an immediate and powerful signal to our systems (and to me :) so that we can quickly try to correct the problem. It’s the best way for us to get better, and to continue keeping your e-mail experience great!

Mark Risher,
Anti-Spam Czar

Read more »

As you may have heard, we’ve been working on a new smarter inbox to help make your life easier. We’re happy to announce that today, some of you will begin to experience the smarter inbox, and we wanted to give everyone a chance to see what it looks like and what it can do.

The smarter inbox experience features a new Yahoo! Mail Welcome Page which surfaces messages, information and activity updates you care about most, as well as an updated inbox and folder view that filters messages from your personal connections.

The smarter Yahoo! Mail inbox also gives you immediate access to relevant third-party applications like Flickr, Flixster and Xoopit allowing you to do much more, and be more efficient, all from within your inbox. Take a look now and let us know what you think!

- Yahoo! Mail Team

Update: We are conducting a very limited beta test right now of the open applications in Yahoo! Mail. Only our power users, who were invited into the limited beta, can test out the new applications at beta.mail.yahoo.com. We will be extending this beta test to additional users over the coming months.

Read more »