Blog‎ > ‎

Yahoo Mail - What's wrong with it

posted Jan 29, 2012, 3:51 AM by Sami Lehtinen   [ updated Jan 25, 2014, 10:54 PM ]
Here's my little rant about Yahoo! Mail. It's clearly not a good choice as your primary email provider.
  • There is daily message quota, when you have sent enough messages, it says that you can send more messages tomorrow. Limit is quite low. Because I have set it often when having my "email day", when I take care of all my queued mails. I assume that limit is something like ~200 mails. +/- 50 mails. Maybe number of recipients also affects it. But limit is very annoying for active email user.When daily send quota is full, it seems that some messages just disappear and aren't left in outbox to be sent tomorrow. This is really really bad thing.
  • When receiving larger quantities of email, service starts  blocking mail traffic.
    Diagnostic-Code: X-Postfix; delivery temporarily suspended: host
        mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [TS02]
        Messages from 205.251.134.191 temporarily deferred - 4.16.56.1; see
  • IMAP often times out or doesn't respond to ping. Connecting simply dies. Simple tasks like moving message to another folder, can take several minutes.
  • IMAP doesn't support IMAPX (IMAP+ / IMAP IDLE)
  • SMTP servers do not allow parallel SMTP sessions. Making delivering larger email batches slow.
  • Asks way too often to solve CAPTCHA code, if email contains link(s).
  • Several encryption / security issues:
    • Web interface doesn't use HTTPS  (after password is given) or IP-address change checks. Stealing session cookie is absolutely possible and using it from other IP allowing session hijacking attack.
    • Yahoo's SMTPS server and IMAP servers got at times invalid TLS certificates. If I can't verify certificate every time, it means that I have to accept invalid certificates, making MITM attack very easy. This kind of MITM attack allows easy way to steal passwords when traveling or using unknown WLAN.
    • MTA's do not use TLS at all. So all email is actually being transported in clear for inbound and outbound traffic.
    • No 2FA support.
    • Even if I have configured my Yahoo sessions to expire in 24 hours, my mobile sessions last longer. This is quite interesting. It shouldn't be unclear that 24 hour session should last max 24 hours.
Are there any positive things? - Yep, a few.
  • Web interface is pretty much working one.
  • European services are run from European based servers.
  • Temporary email addresses, I just love those. Of course you can get similar service from TrashMail or SpamGourmet. But using these services adds proxies, complexity, unreliability to incoming and outgoing email handling.

Based on these issues, I wouldn't recommend Yahoo Mail as email provider for anyone. Except if you use it for secondary purposes, and do not transfer any private information using it.