[HN Gopher] Yahoo admits mangling e-mail (2002) ___________________________________________________________________ Yahoo admits mangling e-mail (2002) Author : Andoryuuta Score : 174 points Date : 2022-07-02 15:33 UTC (7 hours ago) (HTM) web link (news.bbc.co.uk) (TXT) w3m dump (news.bbc.co.uk) | iso1631 wrote: | Obligatory Tom Scott video on the Scunthorpe problem | | https://www.youtube.com/watch?v=CcZdwX4noCE | Mo3 wrote: | Simpler times.. sometimes I miss them. | uudecoded wrote: | This literally caused me to have a bad taste in my mouth when I | was in high school: | | My yearbook advisor sent yahoo mail and asked what I would like | to be picked up at Starbucks for an early morning meeting the | next day. | | "Caramel Mocha, thank you!", I replied. | | The next morning, I was surprised with an undrinkable "Caramel | espresso" - an espresso with a pump of caramel syrup. I thought | she had made an innocent mistake and was shocked to see there was | in fact a difference between my sent text and her received text. | I had no explanation. | | After some years in web dev, and encountering this article, I | realized that, as the precursor to javascript - the script type | "mocha" was valid, so yahoo just went ahead and replaced all | references to mocha with something that probably seemed innocuous | to a junior developer - except it wasn't. | meltyness wrote: | This concoction is "the regular" for me. | sdwr wrote: | When I worked at starbucks I loved that shit! 2 shots of | blonde espresso, a pump of caramel and a liiittle bit of | steamed half+half. Thinking about it now makes me feel sick | though. | iamtheworstdev wrote: | are you aware that it's undrinkable? ;-) | starik36 wrote: | They are still mangling it. If you are setting up IMAP, they only | allow you to download the latest 10,000 messages. | mr-ron wrote: | Tangent related to this. I had an old yahoo mail address from | late 90s till mid 00s before I switched to gmail. Lots of family | / high school / college / early professional emails were there. | | The other month I logged in to view them as I do every so often | and yahoo had purged the entire archive. Like 20MB worth of | emails gone. | | Apparently they have a policy if you do not log in in a year of | time they will delete everything with no way to recover. | | I can't imagine the decision making to put this policy in nor | could I ever imagine using yahoo email again for any purpose | whatsoever. | sethammons wrote: | You can't imagine paying for storage of things that appear to | not be used when you are giving it away free? | interestica wrote: | How are they giving it away for free? | melvinram wrote: | When they don't charge money for it and you're not using it | (so no views for ads), they aren't getting paid and it's | costing them storage money. How is it hard to see that they | are giving it away for free? | Firmwarrior wrote: | Because if they didn't treat their customers like crap, | they might still theoretically have had customers at some | point in the future | bombcar wrote: | Someone who doesn't login and doesn't pay is not much of | a customer. | cratermoon wrote: | Someone who uses an ad-supported service for free is not | a customer. | criddell wrote: | I surprised you could even log in. I thought Yahoo was going to | start recycling email addresses (which seems like a terrible | idea). | tyrfing wrote: | Microsoft has had a similar policy, although they entirely | delete the account instead. Same for smaller companies like | GMX. | | Definitely a contributor to sticking with Gmail. | alar44 wrote: | You don't store important information in free email services. | unixbane wrote: | Wow we should all use only Google because they are the only | good and trustworthy email provider. Why do we even need email | at all? There should just be a simplified protocol or webapp | that stores everything on Google and manages all your | authentication tokens for every website you use. | | </sarcasm> yup that was the end game for email as we knew | already 20 years ago | reid wrote: | Full disclosure: I work on Yahoo Mail, but I'm not speaking for | my employer. | | Yes, this can happen after 12 months of inactivity for free | accounts. Policy: https://help.yahoo.com/kb/SLN2018.html | | For context, Gmail has a policy which allows for deletion after | 2 years of inactivity: | https://www.google.com/gmail/about/policy/ | | I'm sorry the service didn't meet your expectation, but for | others here who are curious, there are some options for keeping | email storage active! These days there are paid Yahoo Mail | accounts available which retain email for as long as you have | the subscription active. (Or you can log in once a year with a | free account.) | | You can also use a IMAP app to save a local archive of all of | your email. This works for all accounts, even free ones! More: | https://help.yahoo.com/kb/SLN5033.html | enlyth wrote: | Gmail definitely does not enact this policy. Me and a friend | managed to log into a shared gmail account recently we had | from high school, to which no one logged in for more than a | decade. | londons_explore wrote: | To my knowledge gmail has never purged unused accounts. | | It would be a security nightmare to let anyone else | register and reuse an email address anyway. So the only | benefit is saving a little disk space. | | But disk space for highly compressible text that will | probably never be accessed is super cheap. | eastbound wrote: | If someone had IMAP and sync with their mobile enabled, | would it count as a login? | iforgotpassword wrote: | What totally enraged me about this is that the policy was | apparently introduced long after I created my account. At | some point when I switched to Gmail, I set up yahoo to | forward to it. This worked for years. Then this policy kicked | in and from one day to the other, the Yahoo account was | deleted. No warning was sent to the Gmail address beforehand. | There wasn't much going on on the Yahoo account anyways, so I | only noticed it much later. I have an old YouTube account | that I signed up to with that yahoo address that I can't | access anymore, and not do the recovery process because | email. | | Easy, just recreate that Yahoo account right? Wrong, to suck | even more, yahoo now only offers new Email accounts on their | .com domain. Mine wasn't on the .com domain. But existing | accounts on the other domains still work fine, so they need | to keep up that infra anyways. | geoduck14 wrote: | >Full disclosure: I work on Yahoo Mail, but I'm not speaking | for my employer. | | I've worked for large corporations before, and I have had | training g that _explicitly_ told me not to "go on social | media, disclose my affiliation, and then run text support". | | I'm not going to tell you how to post on HN - cause I _love_ | hearing true tech stories, but you might consider caution | robin_reala wrote: | I work for a large corp and I've explicitly OKed it with | the social media team that it's OK for me to engage with | customer complaints online to get them resolved if | necessary. There are a few guidelines, but they're easy to | meet. | cratermoon wrote: | In my experience, this cuts two ways. Some companies hire | what about to PR flacks to respond to complaints with | bland, vague apologies and company hype. The _good_ | companies have real support people tasked specifically | with engaging on social media to help users fix issues, | especially common ones. As you might expect, I tend to | prefer to do business with the latter, and I suspect I 'm | not alone. | PyWoody wrote: | One of the things that makes HN special is getting | frontline insights like what OP gave. Almost any thread | with a major issue/outage will have such a comment. Most of | the time, it will come directly from a CTO/CEO. | jrimbault wrote: | Just this afternoon I was with my father looking for a way to | backup all of his emails on his yahoo account. | | I was looking "naively" for the button to request all of his | personal data. I didn't find one and there's probably one | somewhere I'm guessing. | | I resigned myself to set up Outlook on his computer and make | a manual backup. | reid wrote: | Yes, I believe a local IMAP backup is the way to go. | idorosen wrote: | I use getmail (similar to fetchmail) to routinely archive | (i.e., sync without deleting + reindex) all of my emails | from various free accounts, just in case. It can save to | mbox, Maildir, mh, and other formats that are easy to | import to any MUA/LDA. This is worth doing for all e-mail, | and I have a patch to make it support OAuth. I don't think | it supports JMAP, but it's great for IMAP, Gmail, and Yahoo | mail and deduplicates messages by ID and content, etc. | while preserving tags/mailboxes (if saved as Maildir). I | highly recommend running something like that in a cron job | somewhere once a week to sync locally with some sanity | checks (e.g., did it save any new messages? did the folder | grow? Etc.) | | I also use it to save Spam/Junk folders, which then comes | in very handy to train my local spam classifier for my | self-hosted mail servers with lots of data. (Over 3TB of | spam saved so far and about 20GB of ham.) | | Gmail's spam filter has had a higher false positive rate | than usual for me lately, so I have a little report emailed | to me once a week of likely ham in my gmail spam box, which | has found at least 3 messages per week that I missed. | davchana wrote: | I use a mix of google email labels, apps script, | spreadsheet & drive folder to download every email (older | than 15 days, so that I have enough time to delete it) as | .eml files in Google drive folder, which by turn downloads | it to my local disk. | | The spreadsheet keeps log of each msg in a thread. | | Labels marks the downloaded emails. | | Apps script run on a trigger & does the heavy lifting of | actually downloading the .eml. | katzgrau wrote: | Yeah well when `df` tells you the disk is at 100%, gotta start | somewhere | rybosome wrote: | I discovered that recently as well and was very disappointed. I | understand why this happened from Yahoo's perspective, but it | sucks nonetheless. | plasma_beam wrote: | Same here, though I still login from time to time, mostly | because my apple id is still tied to the account. My emails are | still there too. | dm319 wrote: | I remember this was standard back in the day, and I think the | time period was even shorter. Think it happened to me on | Hotmail at 3 months. | d4a wrote: | It's the Sc**horpe problem all over again | kstrauser wrote: | Clbuttic problem with content filtering. | sqlacid wrote: | Classic comment | kevin_thibedeau wrote: | Easy there. HN doesn't like harsh language. | dredmorbius wrote: | Scunthorpe approved! | Andoryuuta wrote: | Came across this and thought it was an... amusing filter. | lbriner wrote: | Yahoo's latest tactic is just to insist on complete DMARC | alignment to even stand a chance of being delivered. We have no | problems with pretty much any other provider apart from them. And | of course, they won't help you understand what is wrong with a | particular message and how to avoid spam traps because "that | would help phishing", which of course is patently nonsense since | GMail pretty much tell you how to keep you mail acceptable. | cmeacham98 wrote: | I have 100% compliance with DMARC, DKIM, SPF, reverse DNS | records set, a valid SSL cert - and Yahoo still drops half my | mail. Works at basically every other major provider: Gmail, | AOL, iCloud, Outlook, Yandex, etc. | | My conclusion is that Yahoo's spam filters just suck in | general. | reid wrote: | Full disclosure: I work on Yahoo Mail, but I'm not speaking | for my employer. | | Have you checked out CFL? If users mark sender's messages as | spam, it can impact that sender's deliverability. The CFL can | help avoid these recipients by understanding spam reports. | | More best practices for deliverability: | https://senders.yahooinc.com/best-practices/ | guilamu wrote: | Same here, most of mine are just delayed though. | kstrauser wrote: | And yet, during my annual login to the Yahoo account I keep | around out of morbid curiosity, it's full of spam. It seems | like refusing to accept inbound mail would be an improvement | in their filtering. | ec109685 wrote: | AOL and Yahoo mail have very similar backends given they are | owned by same company. | guilamu wrote: | I'm managing an email serveur sending around 1 million emails a | month. | | Since a while now, yahoo are delaying emails for 12 h to 48 h. | I have 0 issue anywhere else than yahoo. | | Not a single email sent by this server has been flagged has | spam according to their own support staff. | | I have no idea what to do to fix those delays and it seems they | have no idea either... | billpg wrote: | I get not wanting to forward JS in email messages onto your | customers whose browsers will run it and forward your login | cookies to criminals. | | I do not get thinking that replacing the word "eval" with | "review" is a solution to that problem. | unixbane wrote: | Content modification usually leads to vulns (e.g, XSS filters, | possible bitsquatting enabled here if they change URLs or | breaking array bounds checks in programs). Classic 90s security. | Too bad 90s security never went away. | haunter wrote: | Why the Archive.org link? | | http://news.bbc.co.uk/2/hi/science/nature/2138014.stm | Andoryuuta wrote: | Oh! To be entirely honest, I got the link directly from a | reference on a Wikipedia page, so I assumed the old link must | be down since it was using archive.org. | | With that being said, the archive.org link is probably better | in case anyone comes across this HN discussion in the future. | dang wrote: | We ask people not to do that because it's important for | readers to see the original provenance of the article, e.g. | in the site name displayed to the right of the title. | | " _Please submit the original source. If a post reports on | something found on another site, submit the latter._ " | | https://news.ycombinator.com/newsguidelines.html | | If the original article is really not available anywhere else | on the web and is interesting enough for a good HN thread, | posting archive.org is ok. | Andoryuuta wrote: | Noted. Thanks for updating the link! | VoidWhisperer wrote: | I think Wikipedia references are encouraged to use archive | links because it will show the page at the time that they | used it as a reference as opposed to linking to the live page | which can change at any time. | gbear605 wrote: | Wikipedia references should include both the live url and | the archive url, and then set the "dead" flag to either | true or false to choose which url to link to. Probably | either an automated process or an inattentive user falsely | marked the url as dead. | runlevel1 wrote: | Wikipedia has been around long enough that many of the | citation links pointing to other websites are broken. So | there are several wiki bots that go around replacing direct | links with links to the archived pages. | jwilk wrote: | https://en.wikipedia.org/wiki/Scunthorpe_problem links both | to the live page and to the archived copy (in that order). | | Linking _only_ to an archived copy when the original is | still live would be unusual. | benbristow wrote: | Not often I give props to the BBC, but impressive how they've | managed to keep that page/article working for so long. Even | most of the links on the page still take you to somewhere | relevant and the search box still works. | | Surprised they haven't bothered to try and migrate the old | articles to their newer systems though! | dmw_ng wrote: | The genius is exactly that they haven't bothered. Can you | imagine the flow of layout bugs over the past 20 years, or | the managers calling to scrap old content because it's | generating so much workload? | | That's very much a successful case of avoiding needless | technology | benbristow wrote: | Serving up unsecure HTTP pages isn't ideal though. | [deleted] | mgdlbp wrote: | CNN still has its very first pages from 1995 | http://www.cnn.com/EVENTS/timeline/ | | Its site design in the early 2000s was much like the BBC's ht | tp://www.cnn.com/2000/TECH/computing/08/11/email.hoaxes/in... | | Past headlines remain relentlessly interesting... https://web | .archive.org/web/20000815060311/http://www.cnn.co... | londons_explore wrote: | I guess it's still running on the original server... the page | took about 30 seconds to load for me! | endorphine wrote: | It took less than 1sec for me, on mobile w/ 4G. | dang wrote: | We've changed to that now from https://web.archive.org/web/2021 | 0126143212/http://news.bbc.c.... Thanks! | onionisafruit wrote: | Interesting that this is in the Science/Nature section. I | wonder why not Technology. | bcraven wrote: | Here's a contemporary site where the users discuss their | confusion. | | "When did "Medireview" = Medieval???" | | https://www.enworld.org/threads/when-did-medireview-medieval... | doodlesdev wrote: | > Actually, it appears to be a real term and not a mistake. I'm | finding "medireview" in a lot of places on the web in place of | the more traditional "medieval," even in university and college | catalogs. > Interesting. | | This is the funniest forum thread I've seen in ages | re wrote: | Another humorous example from the second page of that thread: | | > speaking of which, did anyone else who owns the 2e Wizard's | Spell Compendium notice that the term "dawizard" appeared | wherever "damage" should have been? | iggldiggl wrote: | "It was as if a light had been Nookd..." | (https://languagelog.ldc.upenn.edu/nll/?p=3994) | jeanlucas wrote: | That's some nice collateral effect | yvoschaap wrote: | I remember sending fake Yahoo login forms as html attachments. | eval() & alert() fix: | | `const ev = 'ev', al = 'al', ert = 'ert'; window[ev + | al](window[al + ert]('hi'))` | londons_explore wrote: | block the word 'window' and I don't think your approach is | possible? | kragen wrote: | Just use 'this'. | robinhouston wrote: | This is very funny. At least one of the resulting words is | sufficiently attested to have been recorded by Wiktionary. | | https://en.wiktionary.org/wiki/medireview | | > Etymology: Coined accidentally by Yahoo! Mail in 2001, from | medieval by automated string substitution of review for eval, a | Javascript command short for evaluate. | re wrote: | medireview =~ s/review/eval/ | | Medieval is one of those words that I have never been able to | remember how to spell, maybe this will be a mnemonic that | sticks. | somebodynew wrote: | I had the same problem and eventually settled on "medical | evaluation" as a mnemonic. | IncRnd wrote: | A mnemonic that suits more cases is, "i before e, except | after c." | cratermoon wrote: | That rule has so many exceptions that there's another | mnemonic for remembering the exceptions. | | 1 https://en.wikipedia.org/wiki/I_before_E_except_after_C#E | xce... | cratermoon wrote: | %s/eval/review/g | annexrichmond wrote: | Interesting that the article is filed under `Science/Nature` | instead of `Technology` | JohnJamesRambo wrote: | I feel like my IQ increased 20 points just looking at a page laid | out like this. | mushufasa wrote: | if you viewed it on an 800 x 600 screen, it would look | appropriate | alberth wrote: | I think you mean, "if you viewed this on a screen 13+ inches" | because nearly all displays now are way more than 800x600 | resolution. | mushufasa wrote: | no I don't; this is hardcoded to a specific pixel width | kube-system wrote: | Looks great on my Apple Watch. | alberth wrote: | Information hierarchy is extremely underrated. | | It's surprisingly hard to do which is why these days so few do | it, plus screen real estate on mobile adds additional | challenges. | ape4 wrote: | Dates like "03 Jan 01" knocked it back down a bit | lucakiebel wrote: | Yes. ISO-8601 all the things | 1vuio0pswjnm7 wrote: | Dumb user question: Why is this URL redirecting to https:// from | http:// | cratermoon wrote: | You should always use SSL and secure encryption when possible. | In fact, sticking with http is such a bad idea that most | websites are now using https by default. | | The real question is: why did the OP provide a bare http link? | Something sitting around in a bookmarks file from 2002? | brrrrrm wrote: | Some of the phrasing is quite fascinating! E.g. "kidnap personal | information" ___________________________________________________________________ (page generated 2022-07-02 23:00 UTC)