It has been reported that some Yahoo Mail account users are seeing a surge in email SPAM. This is a relatively new development because although GMail remains the best player in town for SPAM filtering, Yahoo Mail wasn’t so bad – especially when compared to Hotmail. This is even more suprising if you take into account that Yahoo has been recently DMARC-certified (Domain-based Message Authentication, Reporting & Conformance), which is a protocol/policy that helps all DMARC members communicate among themselves in order to fight spam. Facebook, Google and Microsoft are also members – so you would expect Yahoo Mail to be less SPAM-prone, if anything.
Yet, according to select users, their surge of SPAM started recently, and from the surface it looks like spammers are able to somehow send emails while being logged into the user’s account. When a user is logged-in, the email is deemed secure and many SPAM filters/checks are disabled.
If that’s true, and there is no proof that it is, this would be very bad. The idea that someone can send stuff like that means that the account has been compromised.
Update: Yahoo has contacted us, and pointed out that they work really hard on protecting their users, even if it’s not perfect. Also, the company pointed out that usernames and passwords hacked on other high-profile websites can be used to break into Yahoo because users often use the same passwords in many sites.
That’s a very valid point that you should pay attention to. There are a few ways to protect yourself: 1/ use different passwords on different sites. It’s not convenient, but this would help a lot. 2/ use a 2-step sign-on. it’s more secure, but you will need a secondary device to receive a code.