I saw an assertion last week that Yahoo and Gmail accounts are less secure than an account that came straight from your ISP. Perhaps there was a time when this was true, but no longer. Today there are reasons to believe the exact opposite is true.
So, no, you don’t have to apologize for using a Yahoo or a Gmail account.
Here’s an example. In 2007, Paypal went to Yahoo and Google and proposed a simple way for Paypal to verify e-mail from them was real. (It’s called DKIM, if you’re interested.) This would make it easy for those two providers to identify spoofed Paypal messages. The two of them agreed, and that virtually eliminated spoofed Paypal e-mail.
So why did Paypal give preferential treatment to Google and Yahoo? Because they were the biggest. Get those two to work with you, and you get the biggest benefit for your time and effort.
And today, the next big thing in e-mail security is a new effort called DMARC, which adds authentication and reporting to e-mail. Guess what? Google and Yahoo are among the early adopters. Some ISPs are too. Is yours? Would you know?
DMARC is cool because if some bad guy starts sending spoofed Paypal messages to Gmail accounts, Google tells Paypal. So not only do I not get the mail, but Paypal automatically knows this is going on, and can go chase down the bad guy before he manages to steal much.
The big social networking sites or the big financial companies are all in on this, and more are on the way. But speaking as an mail-using end-user, I want to be one of the first to get this, not the last.
I’ve also found that Google and Yahoo have very good spam filters. Not perfect, but good, and probably better than most ISPs. I think Google’s is better than Yahoo’s. And both of them do virus checking on their side, and since the e-mail is web-based, the mail sits on their servers, never directly touching my drive.
I know from my brief tenure as a mail administrator that there is little, if anything an ISP can do that Google and Yahoo aren’t doing. And the process of stealing an e-mail account is the same, regardless of who’s running it: Connect to the mail server, then enter a username or a password. Maybe it takes a minute longer to find a given ISP’s mail server address than it takes to visit Gmail.com, but once you know the server name, you’re done.
But besides that, for a good while, when you subscribed to AT&T DSL and asked for an e-mail account, a Yahoo account was what they gave you anyway.
This may tell you all you need to know. I mentioned a couple of paragraphs above that I used to run a mail server. I could run my own mail server for myself if I wanted. And what do I do? I have Gmail and Yahoo accounts.