[HN Gopher] Yahoo admits mangling e-mail (2002)
___________________________________________________________________
Yahoo admits mangling e-mail (2002)
Author : Andoryuuta
Score : 174 points
Date : 2022-07-02 15:33 UTC (7 hours ago)
(HTM) web link (news.bbc.co.uk)
(TXT) w3m dump (news.bbc.co.uk)
| iso1631 wrote:
| Obligatory Tom Scott video on the Scunthorpe problem
|
| https://www.youtube.com/watch?v=CcZdwX4noCE
| Mo3 wrote:
| Simpler times.. sometimes I miss them.
| uudecoded wrote:
| This literally caused me to have a bad taste in my mouth when I
| was in high school:
|
| My yearbook advisor sent yahoo mail and asked what I would like
| to be picked up at Starbucks for an early morning meeting the
| next day.
|
| "Caramel Mocha, thank you!", I replied.
|
| The next morning, I was surprised with an undrinkable "Caramel
| espresso" - an espresso with a pump of caramel syrup. I thought
| she had made an innocent mistake and was shocked to see there was
| in fact a difference between my sent text and her received text.
| I had no explanation.
|
| After some years in web dev, and encountering this article, I
| realized that, as the precursor to javascript - the script type
| "mocha" was valid, so yahoo just went ahead and replaced all
| references to mocha with something that probably seemed innocuous
| to a junior developer - except it wasn't.
| meltyness wrote:
| This concoction is "the regular" for me.
| sdwr wrote:
| When I worked at starbucks I loved that shit! 2 shots of
| blonde espresso, a pump of caramel and a liiittle bit of
| steamed half+half. Thinking about it now makes me feel sick
| though.
| iamtheworstdev wrote:
| are you aware that it's undrinkable? ;-)
| starik36 wrote:
| They are still mangling it. If you are setting up IMAP, they only
| allow you to download the latest 10,000 messages.
| mr-ron wrote:
| Tangent related to this. I had an old yahoo mail address from
| late 90s till mid 00s before I switched to gmail. Lots of family
| / high school / college / early professional emails were there.
|
| The other month I logged in to view them as I do every so often
| and yahoo had purged the entire archive. Like 20MB worth of
| emails gone.
|
| Apparently they have a policy if you do not log in in a year of
| time they will delete everything with no way to recover.
|
| I can't imagine the decision making to put this policy in nor
| could I ever imagine using yahoo email again for any purpose
| whatsoever.
| sethammons wrote:
| You can't imagine paying for storage of things that appear to
| not be used when you are giving it away free?
| interestica wrote:
| How are they giving it away for free?
| melvinram wrote:
| When they don't charge money for it and you're not using it
| (so no views for ads), they aren't getting paid and it's
| costing them storage money. How is it hard to see that they
| are giving it away for free?
| Firmwarrior wrote:
| Because if they didn't treat their customers like crap,
| they might still theoretically have had customers at some
| point in the future
| bombcar wrote:
| Someone who doesn't login and doesn't pay is not much of
| a customer.
| cratermoon wrote:
| Someone who uses an ad-supported service for free is not
| a customer.
| criddell wrote:
| I surprised you could even log in. I thought Yahoo was going to
| start recycling email addresses (which seems like a terrible
| idea).
| tyrfing wrote:
| Microsoft has had a similar policy, although they entirely
| delete the account instead. Same for smaller companies like
| GMX.
|
| Definitely a contributor to sticking with Gmail.
| alar44 wrote:
| You don't store important information in free email services.
| unixbane wrote:
| Wow we should all use only Google because they are the only
| good and trustworthy email provider. Why do we even need email
| at all? There should just be a simplified protocol or webapp
| that stores everything on Google and manages all your
| authentication tokens for every website you use.
|
| </sarcasm> yup that was the end game for email as we knew
| already 20 years ago
| reid wrote:
| Full disclosure: I work on Yahoo Mail, but I'm not speaking for
| my employer.
|
| Yes, this can happen after 12 months of inactivity for free
| accounts. Policy: https://help.yahoo.com/kb/SLN2018.html
|
| For context, Gmail has a policy which allows for deletion after
| 2 years of inactivity:
| https://www.google.com/gmail/about/policy/
|
| I'm sorry the service didn't meet your expectation, but for
| others here who are curious, there are some options for keeping
| email storage active! These days there are paid Yahoo Mail
| accounts available which retain email for as long as you have
| the subscription active. (Or you can log in once a year with a
| free account.)
|
| You can also use a IMAP app to save a local archive of all of
| your email. This works for all accounts, even free ones! More:
| https://help.yahoo.com/kb/SLN5033.html
| enlyth wrote:
| Gmail definitely does not enact this policy. Me and a friend
| managed to log into a shared gmail account recently we had
| from high school, to which no one logged in for more than a
| decade.
| londons_explore wrote:
| To my knowledge gmail has never purged unused accounts.
|
| It would be a security nightmare to let anyone else
| register and reuse an email address anyway. So the only
| benefit is saving a little disk space.
|
| But disk space for highly compressible text that will
| probably never be accessed is super cheap.
| eastbound wrote:
| If someone had IMAP and sync with their mobile enabled,
| would it count as a login?
| iforgotpassword wrote:
| What totally enraged me about this is that the policy was
| apparently introduced long after I created my account. At
| some point when I switched to Gmail, I set up yahoo to
| forward to it. This worked for years. Then this policy kicked
| in and from one day to the other, the Yahoo account was
| deleted. No warning was sent to the Gmail address beforehand.
| There wasn't much going on on the Yahoo account anyways, so I
| only noticed it much later. I have an old YouTube account
| that I signed up to with that yahoo address that I can't
| access anymore, and not do the recovery process because
| email.
|
| Easy, just recreate that Yahoo account right? Wrong, to suck
| even more, yahoo now only offers new Email accounts on their
| .com domain. Mine wasn't on the .com domain. But existing
| accounts on the other domains still work fine, so they need
| to keep up that infra anyways.
| geoduck14 wrote:
| >Full disclosure: I work on Yahoo Mail, but I'm not speaking
| for my employer.
|
| I've worked for large corporations before, and I have had
| training g that _explicitly_ told me not to "go on social
| media, disclose my affiliation, and then run text support".
|
| I'm not going to tell you how to post on HN - cause I _love_
| hearing true tech stories, but you might consider caution
| robin_reala wrote:
| I work for a large corp and I've explicitly OKed it with
| the social media team that it's OK for me to engage with
| customer complaints online to get them resolved if
| necessary. There are a few guidelines, but they're easy to
| meet.
| cratermoon wrote:
| In my experience, this cuts two ways. Some companies hire
| what about to PR flacks to respond to complaints with
| bland, vague apologies and company hype. The _good_
| companies have real support people tasked specifically
| with engaging on social media to help users fix issues,
| especially common ones. As you might expect, I tend to
| prefer to do business with the latter, and I suspect I 'm
| not alone.
| PyWoody wrote:
| One of the things that makes HN special is getting
| frontline insights like what OP gave. Almost any thread
| with a major issue/outage will have such a comment. Most of
| the time, it will come directly from a CTO/CEO.
| jrimbault wrote:
| Just this afternoon I was with my father looking for a way to
| backup all of his emails on his yahoo account.
|
| I was looking "naively" for the button to request all of his
| personal data. I didn't find one and there's probably one
| somewhere I'm guessing.
|
| I resigned myself to set up Outlook on his computer and make
| a manual backup.
| reid wrote:
| Yes, I believe a local IMAP backup is the way to go.
| idorosen wrote:
| I use getmail (similar to fetchmail) to routinely archive
| (i.e., sync without deleting + reindex) all of my emails
| from various free accounts, just in case. It can save to
| mbox, Maildir, mh, and other formats that are easy to
| import to any MUA/LDA. This is worth doing for all e-mail,
| and I have a patch to make it support OAuth. I don't think
| it supports JMAP, but it's great for IMAP, Gmail, and Yahoo
| mail and deduplicates messages by ID and content, etc.
| while preserving tags/mailboxes (if saved as Maildir). I
| highly recommend running something like that in a cron job
| somewhere once a week to sync locally with some sanity
| checks (e.g., did it save any new messages? did the folder
| grow? Etc.)
|
| I also use it to save Spam/Junk folders, which then comes
| in very handy to train my local spam classifier for my
| self-hosted mail servers with lots of data. (Over 3TB of
| spam saved so far and about 20GB of ham.)
|
| Gmail's spam filter has had a higher false positive rate
| than usual for me lately, so I have a little report emailed
| to me once a week of likely ham in my gmail spam box, which
| has found at least 3 messages per week that I missed.
| davchana wrote:
| I use a mix of google email labels, apps script,
| spreadsheet & drive folder to download every email (older
| than 15 days, so that I have enough time to delete it) as
| .eml files in Google drive folder, which by turn downloads
| it to my local disk.
|
| The spreadsheet keeps log of each msg in a thread.
|
| Labels marks the downloaded emails.
|
| Apps script run on a trigger & does the heavy lifting of
| actually downloading the .eml.
| katzgrau wrote:
| Yeah well when `df` tells you the disk is at 100%, gotta start
| somewhere
| rybosome wrote:
| I discovered that recently as well and was very disappointed. I
| understand why this happened from Yahoo's perspective, but it
| sucks nonetheless.
| plasma_beam wrote:
| Same here, though I still login from time to time, mostly
| because my apple id is still tied to the account. My emails are
| still there too.
| dm319 wrote:
| I remember this was standard back in the day, and I think the
| time period was even shorter. Think it happened to me on
| Hotmail at 3 months.
| d4a wrote:
| It's the Sc**horpe problem all over again
| kstrauser wrote:
| Clbuttic problem with content filtering.
| sqlacid wrote:
| Classic comment
| kevin_thibedeau wrote:
| Easy there. HN doesn't like harsh language.
| dredmorbius wrote:
| Scunthorpe approved!
| Andoryuuta wrote:
| Came across this and thought it was an... amusing filter.
| lbriner wrote:
| Yahoo's latest tactic is just to insist on complete DMARC
| alignment to even stand a chance of being delivered. We have no
| problems with pretty much any other provider apart from them. And
| of course, they won't help you understand what is wrong with a
| particular message and how to avoid spam traps because "that
| would help phishing", which of course is patently nonsense since
| GMail pretty much tell you how to keep you mail acceptable.
| cmeacham98 wrote:
| I have 100% compliance with DMARC, DKIM, SPF, reverse DNS
| records set, a valid SSL cert - and Yahoo still drops half my
| mail. Works at basically every other major provider: Gmail,
| AOL, iCloud, Outlook, Yandex, etc.
|
| My conclusion is that Yahoo's spam filters just suck in
| general.
| reid wrote:
| Full disclosure: I work on Yahoo Mail, but I'm not speaking
| for my employer.
|
| Have you checked out CFL? If users mark sender's messages as
| spam, it can impact that sender's deliverability. The CFL can
| help avoid these recipients by understanding spam reports.
|
| More best practices for deliverability:
| https://senders.yahooinc.com/best-practices/
| guilamu wrote:
| Same here, most of mine are just delayed though.
| kstrauser wrote:
| And yet, during my annual login to the Yahoo account I keep
| around out of morbid curiosity, it's full of spam. It seems
| like refusing to accept inbound mail would be an improvement
| in their filtering.
| ec109685 wrote:
| AOL and Yahoo mail have very similar backends given they are
| owned by same company.
| guilamu wrote:
| I'm managing an email serveur sending around 1 million emails a
| month.
|
| Since a while now, yahoo are delaying emails for 12 h to 48 h.
| I have 0 issue anywhere else than yahoo.
|
| Not a single email sent by this server has been flagged has
| spam according to their own support staff.
|
| I have no idea what to do to fix those delays and it seems they
| have no idea either...
| billpg wrote:
| I get not wanting to forward JS in email messages onto your
| customers whose browsers will run it and forward your login
| cookies to criminals.
|
| I do not get thinking that replacing the word "eval" with
| "review" is a solution to that problem.
| unixbane wrote:
| Content modification usually leads to vulns (e.g, XSS filters,
| possible bitsquatting enabled here if they change URLs or
| breaking array bounds checks in programs). Classic 90s security.
| Too bad 90s security never went away.
| haunter wrote:
| Why the Archive.org link?
|
| http://news.bbc.co.uk/2/hi/science/nature/2138014.stm
| Andoryuuta wrote:
| Oh! To be entirely honest, I got the link directly from a
| reference on a Wikipedia page, so I assumed the old link must
| be down since it was using archive.org.
|
| With that being said, the archive.org link is probably better
| in case anyone comes across this HN discussion in the future.
| dang wrote:
| We ask people not to do that because it's important for
| readers to see the original provenance of the article, e.g.
| in the site name displayed to the right of the title.
|
| " _Please submit the original source. If a post reports on
| something found on another site, submit the latter._ "
|
| https://news.ycombinator.com/newsguidelines.html
|
| If the original article is really not available anywhere else
| on the web and is interesting enough for a good HN thread,
| posting archive.org is ok.
| Andoryuuta wrote:
| Noted. Thanks for updating the link!
| VoidWhisperer wrote:
| I think Wikipedia references are encouraged to use archive
| links because it will show the page at the time that they
| used it as a reference as opposed to linking to the live page
| which can change at any time.
| gbear605 wrote:
| Wikipedia references should include both the live url and
| the archive url, and then set the "dead" flag to either
| true or false to choose which url to link to. Probably
| either an automated process or an inattentive user falsely
| marked the url as dead.
| runlevel1 wrote:
| Wikipedia has been around long enough that many of the
| citation links pointing to other websites are broken. So
| there are several wiki bots that go around replacing direct
| links with links to the archived pages.
| jwilk wrote:
| https://en.wikipedia.org/wiki/Scunthorpe_problem links both
| to the live page and to the archived copy (in that order).
|
| Linking _only_ to an archived copy when the original is
| still live would be unusual.
| benbristow wrote:
| Not often I give props to the BBC, but impressive how they've
| managed to keep that page/article working for so long. Even
| most of the links on the page still take you to somewhere
| relevant and the search box still works.
|
| Surprised they haven't bothered to try and migrate the old
| articles to their newer systems though!
| dmw_ng wrote:
| The genius is exactly that they haven't bothered. Can you
| imagine the flow of layout bugs over the past 20 years, or
| the managers calling to scrap old content because it's
| generating so much workload?
|
| That's very much a successful case of avoiding needless
| technology
| benbristow wrote:
| Serving up unsecure HTTP pages isn't ideal though.
| [deleted]
| mgdlbp wrote:
| CNN still has its very first pages from 1995
| http://www.cnn.com/EVENTS/timeline/
|
| Its site design in the early 2000s was much like the BBC's ht
| tp://www.cnn.com/2000/TECH/computing/08/11/email.hoaxes/in...
|
| Past headlines remain relentlessly interesting... https://web
| .archive.org/web/20000815060311/http://www.cnn.co...
| londons_explore wrote:
| I guess it's still running on the original server... the page
| took about 30 seconds to load for me!
| endorphine wrote:
| It took less than 1sec for me, on mobile w/ 4G.
| dang wrote:
| We've changed to that now from https://web.archive.org/web/2021
| 0126143212/http://news.bbc.c.... Thanks!
| onionisafruit wrote:
| Interesting that this is in the Science/Nature section. I
| wonder why not Technology.
| bcraven wrote:
| Here's a contemporary site where the users discuss their
| confusion.
|
| "When did "Medireview" = Medieval???"
|
| https://www.enworld.org/threads/when-did-medireview-medieval...
| doodlesdev wrote:
| > Actually, it appears to be a real term and not a mistake. I'm
| finding "medireview" in a lot of places on the web in place of
| the more traditional "medieval," even in university and college
| catalogs. > Interesting.
|
| This is the funniest forum thread I've seen in ages
| re wrote:
| Another humorous example from the second page of that thread:
|
| > speaking of which, did anyone else who owns the 2e Wizard's
| Spell Compendium notice that the term "dawizard" appeared
| wherever "damage" should have been?
| iggldiggl wrote:
| "It was as if a light had been Nookd..."
| (https://languagelog.ldc.upenn.edu/nll/?p=3994)
| jeanlucas wrote:
| That's some nice collateral effect
| yvoschaap wrote:
| I remember sending fake Yahoo login forms as html attachments.
| eval() & alert() fix:
|
| `const ev = 'ev', al = 'al', ert = 'ert'; window[ev +
| al](window[al + ert]('hi'))`
| londons_explore wrote:
| block the word 'window' and I don't think your approach is
| possible?
| kragen wrote:
| Just use 'this'.
| robinhouston wrote:
| This is very funny. At least one of the resulting words is
| sufficiently attested to have been recorded by Wiktionary.
|
| https://en.wiktionary.org/wiki/medireview
|
| > Etymology: Coined accidentally by Yahoo! Mail in 2001, from
| medieval by automated string substitution of review for eval, a
| Javascript command short for evaluate.
| re wrote:
| medireview =~ s/review/eval/
|
| Medieval is one of those words that I have never been able to
| remember how to spell, maybe this will be a mnemonic that
| sticks.
| somebodynew wrote:
| I had the same problem and eventually settled on "medical
| evaluation" as a mnemonic.
| IncRnd wrote:
| A mnemonic that suits more cases is, "i before e, except
| after c."
| cratermoon wrote:
| That rule has so many exceptions that there's another
| mnemonic for remembering the exceptions.
|
| 1 https://en.wikipedia.org/wiki/I_before_E_except_after_C#E
| xce...
| cratermoon wrote:
| %s/eval/review/g
| annexrichmond wrote:
| Interesting that the article is filed under `Science/Nature`
| instead of `Technology`
| JohnJamesRambo wrote:
| I feel like my IQ increased 20 points just looking at a page laid
| out like this.
| mushufasa wrote:
| if you viewed it on an 800 x 600 screen, it would look
| appropriate
| alberth wrote:
| I think you mean, "if you viewed this on a screen 13+ inches"
| because nearly all displays now are way more than 800x600
| resolution.
| mushufasa wrote:
| no I don't; this is hardcoded to a specific pixel width
| kube-system wrote:
| Looks great on my Apple Watch.
| alberth wrote:
| Information hierarchy is extremely underrated.
|
| It's surprisingly hard to do which is why these days so few do
| it, plus screen real estate on mobile adds additional
| challenges.
| ape4 wrote:
| Dates like "03 Jan 01" knocked it back down a bit
| lucakiebel wrote:
| Yes. ISO-8601 all the things
| 1vuio0pswjnm7 wrote:
| Dumb user question: Why is this URL redirecting to https:// from
| http://
| cratermoon wrote:
| You should always use SSL and secure encryption when possible.
| In fact, sticking with http is such a bad idea that most
| websites are now using https by default.
|
| The real question is: why did the OP provide a bare http link?
| Something sitting around in a bookmarks file from 2002?
| brrrrrm wrote:
| Some of the phrasing is quite fascinating! E.g. "kidnap personal
| information"
___________________________________________________________________
(page generated 2022-07-02 23:00 UTC)