As previously announced, Yahoo is freeing up Yahoo email IDs which have been inactive for at least 12 months, so new users can get the email addresses they've always wanted - maybe.
If there's a Yahoo email address you've been pining for, head over to wishlist.yahoo.com where you can enter up to five usernames, from most to least wanted. If you're first in line, Yahoo will email you a link to claim it in mid-August.
The move to reclaim user IDs isn't without controversy; people are concerned about privacy and security and rightly so. What if an inactive Yahoo email account is being used as a secondary email address? What if it's being used as an alternative password reset account to a primary account? If somebody claims a Yahoo username which used to belong to someone else, could they use it to force a password reset elsewhere?
Which is why Yahoo is also instituting a new security measure with the ID resets. The 'Require-Recipient-Valid-Since' header system will work with other websites to check the age of the account before delivering the email, to prevent email meant for the previous owner being sent. For example, if a Facebook user with an existing Yahoo email sends a request to reset their password, Facebook would signal Yahoo to check the age of the account before delivering the password reset email.
Because Facebook users confirm their email addresses when they first sign up, if the date of confirmation is before the date of the new Yahoo ID ownership, the email won't be delivered to the new owner of the Yahoo ID. Facebook is one of the early partners working with Yahoo to implement this security feature.
The weakness of the new header system is that it requires co-operation between both Yahoo and other websites in order to work. Yahoo says that the 'Require-Recipient-Valid-Since' is a new standard being published with the IETF (Internet Engineering Task Force), and one that Yahoo will be reaching out with more partners to implement.