Menu
Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

A new mechanism helps email servers determine if a message was intended for a recycled account's previous owner

Facebook and Yahoo have developed a mechanism to prevent the owners of recycled email addresses from hijacking accounts that were registered on other sites using those addresses in the past.

Last year, Yahoo announced a policy that involves deleting inactive email accounts and making their IDs available again for registration. Microsoft has been doing the same with Outlook.com accounts.

The practice of recycling email addresses has been criticized by security and privacy experts because it opens up the door to abuse. Attackers could register deleted addresses and take over accounts on third-party sites that use them for confirming password change requests. In addition, the recycled addresses might continue to receive messages containing sensitive information that is destined for their previous owners.

Facebook's security team studied the impact of email address recycling for the site's users and has worked with Yahoo to mitigate the potential security risks. Employees from the two companies have developed a mechanism that involves adding a new field in the header of sensitive email messages to include the date since the sender has known the recipient's address.

The email provider can check if the receiving account has changed owners since the date specified in this field, and if it has, it can block the message from being delivered because it was likely intended for a previous owner.

The new field is called Require-Recipient-Valid-Since and is defined as part of an extension to the Simple Mail Transfer Protocol (SMTP) called RRVS. For now the mechanism is used by Facebook and Yahoo, but the new SMTP extension was published as a proposed standard by the Internet Engineering Task Force and can be adopted by others as well.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Yahooonline safetyMicrosoftsecurityAccess control and authenticationIdentity fraud / theftprivacyFacebook

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments