share: Is Yahoo Doing Enough To Protect Sensitive Emails?

Be sure to add WebProNews@ientrynetwork.net to your address book or safe sender list.

View All Videos

Don't Worry About Google Penalties From Invalid HTML (At Least for Right Now)

By Chris Crum

Ever wonder how the quality of your HTML is affecting your rankings in Google? Well, at least for the time being, it's not having any effect at all, regardless of how clean it is. Google's Matt Cutts said as much in a new Webmaster Help video.

Cutts was answering the following submitted question:

Does the crawler really care about valid HTML? Validating google.com gives me 23 errors and 4 warnings.

"There are plenty of reasons to write valid HTML, and to pay attention to your HTML, and to make sure that it's really clean and that it validates," says Cutts. "It makes it more maintainable. It makes it easier whenever you want to upgrade. It makes it much better if you want to hand that code off to somebody else. There's just a lot of good reasons to do it. At the same time, Google has to work with the web we have, not the web that we want to have. And the web that we have has a lot of syntax errors - a lot of invalid HTML, and so we have to build the crawler to compensate for that and to deal with all the errors and weird syntax that people sometimes mistakenly write in a broken way onto the web."

"So Google does not penalize you if you have invalid HTML because there would be a huge number of webpages like that," he says. "And some people know the rules and then decide to make things a little bit faster or to tweak things here or there, and so their pages don't validate, and there are enough pages that don't validate that we said, 'Okay, this would actually hurt search quality,' if we said, 'Only the pages that validate are allowed to rank or rank those a little bit higher'. First and foremost, we have to look at the quality of the information, and whether users are getting the most relevant information they need rather than someone has done a very good job of making the cleanest website they can."

"Now, I wouldn't be surprised if they correlate relatively well," he adds. "You know, maybe it's a signal we'll consider in the future, but at least for right now, do it because it's good for maintenance. It's easier for you if you want to change the site in the future. Don't just do it because you think it will give you higher search rankings."

Or maybe you should do it also because Google might decide to use it in the future, and then you'll have your bases covered.

What Kind of SEO Are You? And I'm not looking for a black and white answer

By: mjtaylor

There are lots of ways to approach or practice SEO – that is, there are different types of SEOs -- SEO copywriters, link builders, producers (coders and designers) – and different types of SEO (the things we practice) … categories such as Analytical / Technical (keyword research, site auditing, etc.); Theoretical – testing, exploring patents, et al.

I call myself an SEO copywriter.

How do you see yourself?

Thursday, September 26, 2013

If you used to be a Yahoo Mail user, but stopped using it in favor of another service a year ago or more, there's a chance that sensitive emails meant for you are being delivered to other people thanks to a recent move by Yahoo to give other users your old email address.

Do you think Yahoo's email address recycling program was a good idea? Let us know what you think in the comments.

Back in June, as you may recall, Yahoo announced that it would give away inactive email addresses and Yahoo IDs. They would only do so if the address had been inactive for at least a year. The idea was that Yahoo's loyal users would be able to get more desirable email addresses. Remember, part of the appeal of Gmail when it first came out was that people could get simple email addresses. If your name was John Smith, there was a good chance you could have gotten something like john.smith@gmail.com, for example. That's opposed to something like johnsmith935245435@gmail.com. Yahoo wanted to do the same for its users now that many have moved on to different services (including, but not limited to Gmail).

Yahoo notified those who had signed up to get different email addresses/Yahoo IDs of the ones they were able to get about a month ago. For those that didn't get what they wanted, Yahoo launched a "watchlist" feature, which allows users to pay a few dollars and have Yahoo keep an eye on the desired addresses, so they can be notified if they do become available. In other words, Yahoo intends to keep giving people email addresses that were once used by others.

People began criticizing Yahoo's move pretty much right after it was announced in early summer. Security experts warned of privacy and cybersafety issues that could arise from the initiative.

Wired writer Mat Honan, who made national headlines last year when his digital life was "destroyed" by hackers, called Yahoo's move a "terrible idea."

"It means that people will be able to claim Yahoo IDs and use them to take over other people's identities via password resets and other methods," he wrote at the time. "For example someone who uses a Yahoo email address solely as a backup for Gmail, and thus haven't logged into it for a long time, would be vulnerable to having that address taken over by a malicious individual who only wanted to ultimately get into the active Gmail address. You can see a chain of events where that could lead to taking over online banking accounts, social media accounts and the like."

"Nor would it be hard to discover some of these inactive addresses," he added. "You could, for example, find a dormant Flickr account which previously required a Yahoo email address."

Well-known security expert Graham Cluley, who has worked for security giants like McAfee and Sophos, was particularly critical of Yahoo's move. On his person blog, he called it "moronic."

After some of the initial concerns came out, Yahoo took to its own blog to try and ease them. Yahoo's Bill Mills wrote:

To communicate that a username has a new owner to e-commerce sites like "JoesAntiques.com," or social networking sites like Facebook, we'll allow them to "ask" for a new type of validation when sending an email to a specific Yahoo! user. The field, which can be requested via an email's header is called "Require-Recipient-Valid-Since."

We feel that our approach, which we've worked on with our friends at Facebook, is a good solution for both our users and our partners. Here's how it works:

If a Facebook user with a Yahoo! email account submits a request to reset their password, Facebook would add the Require-Recipient-Valid-Since header to the reset email, and the new header would signal to Yahoo! to check the age of the account before delivering the mail. Facebook users typically confirm their email when they sign up for the service or add new emails to their account, and if the "last confirmed" date that Facebook specifies in the Require-Recipient-Valid-Since header is before the date of the new Yahoo! username ownership, then the email will not be delivered and will instead bounce back to Facebook, who will then contact the user by other means.

This example illustrates how Facebook will do this – others will have their rules for determining their age requirement for the recipient / receiving account.

This is a new standard, being published with the IETF, that we'll be working with partners to implement, and one that other email service providers can adopt for similar efforts of their own.

The company also had this to say in a statement to Wired:

Our goal with reclaiming inactive Yahoo! IDs is to free-up desirable namespace for our users. We're committed and confident in our ability to do this in a way that's safe, secure and protects our users' data. It's important to note that the vast majority of these inactive Yahoo! IDs don't have a mailbox associated with them. Any personal data and private content associated with these accounts will be deleted and will not be accessible to the new account holder.

To ensure that these accounts are recycled safely and securely, we're doing several things. We will have a 30-day period between deactivation and before we recycle these IDs for new users. During this time, we'll send bounce back emails alerting senders that the deactivated account no longer exists. We will also unsubscribe these accounts from commercial emails such as newsletters and email alerts, among others. Upon deactivation, we will send notification for these potentially recycled accounts to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties.

Cluley told WebProNews at the time, "Yahoo's response doesn't reassure me one bit. If the 'vast majority' of IDs covered by this action don't have associated email addresses, why not exclude all of the ones which do have email addresses from the guillotine?"

"I saw them say elsewhere that they would contact third party websites that might have accounts registered with one of the email addresses, which gave me the biggest laugh of all," he said. "I mean, there aren't that many websites out there, are there? The whole thing sounds utterly impossible to pull off competently, so they should throw the idea away in the trash can where it belongs."

Fast forward to this week. People have had the recycled addresses for a while now, and they've been getting other people's emails. Go figure. InformationWeek ran a story speaking with some of these users. Here's an excerpt with one of multiple stories from users:

Jenkins and other users who have obtained recycled Yahoo email IDs say, based on what they see in their inboxes, that identity theft concerns exist.

"I can gain access to their Pandora account, but I won't. I can gain access to their Facebook account, but I won't. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor's appointment last week and I was just invited to their friend's wedding," Jenkins said. "The identity theft potential here is kind of crazy."

What are your thoughts?

Comment Now...

Subscribe to our feed

About the Author:
Chris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Follow Chris on Twitter, on StumbleUpon, on Pinterest and/or on Google: +Chris Crum.