Skip to content
Home » security » There’s no need to apologize for having a Yahoo or Gmail account

There’s no need to apologize for having a Yahoo or Gmail account

I saw an assertion last week that Yahoo and Gmail accounts are less secure than an account that came straight from your ISP. Perhaps there was a time when this was true, but no longer. Today there are reasons to believe the exact opposite is true.

So, no, you don’t have to apologize for using a Yahoo or a Gmail account.

Here’s an example. In 2007, Paypal went to Yahoo and Google and proposed a simple way for Paypal to verify e-mail from them was real. (It’s called DKIM, if you’re interested.) This would make it easy for those two providers to identify spoofed Paypal messages. The two of them agreed, and that virtually eliminated spoofed Paypal e-mail.

So why did Paypal give preferential treatment to Google and Yahoo? Because they were the biggest. Get those two to work with you, and you get the biggest benefit for your time and effort.

And today, the next big thing in e-mail security is a new effort called DMARC, which adds authentication and reporting to e-mail. Guess what? Google and Yahoo are among the early adopters. Some ISPs are too. Is yours? Would you know?

DMARC is cool because if some bad guy starts sending spoofed Paypal messages to Gmail accounts, Google tells Paypal. So not only do I not get the mail, but Paypal automatically knows this is going on, and can go chase down the bad guy before he manages to steal much.

The big social networking sites or the big financial companies are all in on this, and more are on the way. But speaking as an mail-using end-user, I want to be one of the first to get this, not the last.

I’ve also found that Google and Yahoo have very good spam filters. Not perfect, but good, and probably better than most ISPs. I think Google’s is better than Yahoo’s. And both of them do virus checking on their side, and since the e-mail is web-based, the mail sits on their servers, never directly touching my drive.

I know from my brief tenure as a mail administrator that there is little, if anything an ISP can do that Google and Yahoo aren’t doing. And the process of stealing an e-mail account is the same, regardless of who’s running it: Connect to the mail server, then enter a username or a password. Maybe it takes a minute longer to find a given ISP’s mail server address than it takes to visit, but once you know the server name, you’re done.

But besides that, for a good while, when you subscribed to AT&T DSL and asked for an e-mail account, a Yahoo account was what they gave you anyway.

This may tell you all you need to know. I mentioned a couple of paragraphs above that I used to run a mail server. I could run my own mail server for myself if I wanted. And what do I do? I have Gmail and Yahoo accounts.

If you found this post informative or helpful, please share it!

3 thoughts on “There’s no need to apologize for having a Yahoo or Gmail account”

  1. I agree, 100%. I used to run my own mail server and it was a nightmare. I mean, the benefits did not justify the work load, that’s for sure. I had spam every single day. I was manually updating my spam rules every single day. Every night I would look through my mail server’s logs and look at the 50-100 different brute force attacks people had been attempting that day and block those IP addresses. Every day I had to deal with e-mail getting rejected because my IP wasn’t located in a recognized business space. And of course, if it ever went down (and it did, occasionally), I had no e-mail service.

    The other detriment was, when I changed ISPs, I lost my old e-mail address. I swore that would never happen to me again.

    All my e-mail goes through my domain name ( and gets forward to Gmail. When I send messages out, they appear to come from my domain. As long as I pay my $8.95 a year and keep that domain name, I’ll be covered. If anything ever happens to Gmail, I’ll forward it to the next service and my e-mail address will never change.

    Gmail … let’s just say, I’m a convert. Between the integration of their calendar and reminders with Gmail, and the fact that my phone automatically supports all of those same services, it’s much simpler for me to use their free service.

    I have had, on occasion, people (mostly Craigslist) tell me they won’t deal with a Gmail address because “too many spammers use them”. Whenever I get that I log back in to GMail and make it appear like it came from my, and suddenly they’re happy.

  2. Yahoo seems to be cleaning up their act. I now prefer their “new” web email UI to Hotmail’s. Lots of other subtle changes, too.

  3. I’ve been using Gmail for about two and a half years now, and can’t see myself ever using a non-Web-based email service again. I’ve only had a couple of spam e-mails that have ever made to my inbox. Every other piece of spam, and there aren’t that many, have always gotten tagged and sent to the spam folder. As Rob said, Gmail’s integration features just make it to easy to pass up.

Comments are closed.

%d bloggers like this: