Stop Spam From Yahoo!
Yahoo was one of the first of the commercial "good guys" on the
web. Probably in a desperate attempt to defend their still huge market
cap and to bring down their still astronomical P/E, they have slithered further
and further off their pedestal. They have instituted a few "opt-out"
tactics that allow them to spam you and to spy on you as you get spammed.
Opt-out tactics assume that you want to be spammed and spied on,
and it's up to you to tell them otherwise.
This is a new low. It's sad to see this happen!
It's easy to fix these problems,
but you have to know that you have to!
Yahoo has a "feature" in Yahoo accounts called "marketing
They have set all your preferences to yes, as if you have
voluntarily asked for more spam! You have to explicitly opt out
(see below) to avoid the spam.
To make matters worse, they have taken information like
address and phone number, previously given in confidence to Yahoo Shopping,
and sold it to their partner spammers.
Who Is Affected
I believe anybody is affected who has a Yahoo id, for example a
Yahoo mailbox, a
portfolio on quote.yahoo.com, a
page on My Yahoo, is a member of
a Yahoo Group, or has done online
If you have many yahoo ids, you have to fix them all.
It's possible to join a Yahoo group by email address
without getting a Yahoo id.
I'm not sure if those email addresses will
get spammed by Yahoo, so I don't know whether to recommend
that those people sign up for a Yahoo id just to explicitly
turn off the spam, or whether they should leave well enough
alone. I also don't know if Yahoo harvests email addresses
in other ways, e.g. messages that are sent to or from
Yahoo mail accounts.
- Find an Account Info link on any Yahoo page that requires that
you sign in. For example, you can go to My Yahoo; once you are signed in you'll
see the link.
- Click on the Account Info link.
- Verify your password if it asks you to.
- Your Yahoo "ID card" should come up.
Click on Edit your marketing preferences somewhere near
the middle of that page.
- You'll probably see all the Yes buttons selected!
Before you go any further, you should probably go down to
Edit your Yahoo! Delivers preferences. This appears to be
yet another spam factory, and if you click all the No
buttons before this step, they'll be reset after you're done with
"Yahoo Delivers". (Under "Yahoo Delivers", there are a number
of ways to say no; I chose them all!) After you're done with
this, click Finished.
- Now you should be back at Edit Marketing Preferences.
Select all the No buttons. Make sure you go all
the way to the end so you don't get spammed by phone or postal mail
either. (I tried, just for fun, to set it to deliver spam to firstname.lastname@example.org but it was clever
enough to reject the address!)
- Click "Save Changes".
- You're done!
Yahoo Spying: "Web Beacons", a.k.a. One-Pixel GIFs or Web Bugs
To add insult to injury, Yahoo is now also using "web beacons",
or one-pixel GIFs, to spy on you as you browse the web and
read your spam. The idea of these is simple. For the most part,
when your browser or mail reader reads an HTML page
(HTML is the language
in which web pages, as well as some email messages, are written)
it reads the page with your explicit consent. For example,
you decide when to point your browser at a particular web page,
or when to open an email message. But there's one exception
to this. An HTML page may contain
image tags to allow browsers to load graphics along with the page.
The image tag contains
a link to the file containing the image.
The net result is that, if you open a web page or an email
message that contains an image tag, your browser or
mail reader makes another request over the network to read
the image, without your explicit consent.
Mostly, these image tags are harmless, and, while overused, they do
serve a sometimes useful function.
For example, the image to the right of this text comes to you
via an image tag.
But there are a number of ways image tags can reveal more
about you than you care to share:
- The image does not have to be visible. A one-pixel
transparent GIF is invisible. So unless you know where to
look, you won't even know that your browser or mail
reader requested, and was sent, an image from somewhere on the web.
- The link to the image can point anywhere on the web,
not just the server serving the original page.
So the image tag forces you to be a visitor to that other site without
your consent. For example, a site containing
information about a medical condition might contain
image tags pointing at huckster sites that may be interested
in spamming you, or even insurance companies that may be
interested in denying you coverage.
- The image server can send you cookies, and your browser will
normally send the image server any such cookies next time you "visit",
even if your "visit" is inadvertent via an image tag. This is how
Doubleclick gets cookies on your computer even though you've
never knowingly visited Doubleclick's site.
- The image server can find out your IP address.
- While the typical image tag just contains a web address
of the image file, the originating page can hide any other
information it wants in the tag, as long as the server can
interpret it. This is particularly painful in email messages,
which can hide your email address right in the image tag.
This way a spammer such as Yahoo, or worse, can find out
if, when, and from where you read their spam. Obviously
an email address of someone who actually reads their spam
is more valuable to spammers, and makes you more likely to
get spammed in the future.
To make use of any of the above techniques, the
author of the original page or email must explicitly
cooperate with the server of the graphic file.
Yahoo should be above such shenannigans, but apparently it's not.
How To Fix It
Luckily there are a few things you can do to minimize
the effect of these GIFs:
- Never open email messages if they appear to be spam,
even just to peek.
- Use web browsers and
mail readers that have features to foil this exploit. A mail
reader should allow you to prevent it from loading remote
images in email messages. A web browser should allow you to
prevent it from loading images from a different server than the
one the page is on. Both of these features are available in
the excellent, free, open-source browser/email reader
- To put recipients of your emails at ease, configure
your mail program to produce plain text messages,
not HTML messages. Not all mail readers can read HTML
- For each browser on each machine that you use, you can
visit this page
to tell Yahoo that you want to opt-out of web beacons.
Of course, this technique at best solves the
problem for Yahoo and its crony sites, but not the rest of the web.
Yahoo has published a little
note on this unpleasant subject.
If you want, tell Yahoo how you feel about all this snooping
their privacy feedback form.
I can't imagine, though, that this will do any good.