Li'l Abner wrote:

> VanguardLH <V@nguard.LH> wrote in news:jc7b88$fq$1@news.albasani.net:
>
>> Li'l Abner wrote:
>>
>>> Quite some time ago I had a friend whose Yahoo account had begun
>>> sending out spam email to a sizeable number of recipents, mine
>>> included. She changed her password and the spam ceased. Now two or
>>> three months ago she was unable to log in to her account. Her new
>>> password had obviously been changed. She finally gave up and created
>>> a new account.
>>>
>>> And now this morning, I just received another spam email from her old
>>> account which was addressed to 9 recipients. Three of them were all
>>> accounts of my own.
>>
>> So your friend abandoned her Yahoo account, left it hijacked, and
>> you're surprised spam is sent from there? God forbid she *close* the
>> account so no one can login thereafter. If she couldn't login
>> anymore, and the "Remember password" mechanism didn't work, then
>> contact Yahoo to have them close the account.
>>
>> So how is her use of easy to guess dictionary attackable passwords
>> going to prevent the same problem for her new account? That she doles
>> it out everywhere, even to untrusted senders, instead of using aliases
>> (either using Yahoo's alias feature or some other service, like
>> Spamgourmet.com spammotel.com, or sneakemail.com) means all those
>> spammers know what it is and might decide to target it for hacking.
>>
>>> I haven't posted any headers here because I've already analyzed where
>>> the mail is originating from, See
>>> (http://whois.domaintools.com/btel.net.id ) That domain is in
>>> Indonesia, I think.
>>>
>>> My question: How can she get rid of that old account altogether?
>>
>> Close it. That requires logging in. As noted above, contact Yahoo if
>> their Remember Password doesn't work. Usually the data they ask for
>> cannot be changed in the account, like your birthdate, but some use
>> data that a hacker can change so the Remember Password mechanism won't
>> work. At that point, contact Yahoo to get them to close the account
>> but be ready to provide some details to show you used to own the
>> account.
>>
>> If your friend can't get her old and now abandoned Yahoo account
>> closed then she has to go informing everyone that she has a new e-mail
>> address (and to block e-mails from her old e-mail address, especially
>> if she uploaded or managed her contacts in the address book up in her
>> account on the mail server).
>>
>> http://help.yahoo.com/kb/index?local...y=PROD_ACCT&id
>> =SLN2044
>>
>> https://io.help.yahoo.com/contact/in...OD_ACCT&page=c
>> ontact Product = Yahoo! Account
>> Category = Register or delete account
>> Subcategory = Unable to delete an individual account
>> Add a description:
>> Example: Hacker changed my password. Cannot login to close account.
>> Click the "Email Now" link.
>
> Thanks. I forwarded all that information to her and she has informed me
> that she was able to delete the account. It will be final in 90 days.

With Hotmail, after closing an account, you can reactivate it within 90
days by logging in again. Thereafter they delete say they will delete
the account but I've seen supposedly closed accounts survive longer.

Yahoo is different, as I recall. Once you close an account, it is
*immediately* deleted. You cannot reactivate it by re-logging in. When
you close your Yahoo account, you won't be able to ever log into again.
I once cancelled a Yahoo account and less than a week later decided that
I'd like it back but no go as the login failed and the account didn't
exist anymore. I couldn't create a new account with the old name since
they keep that on record for something like 3 years after which I
managed to revive an account under that old name.

In Gmail, closing an account is immediate, too, but they keep the
username on record forever. They claim that the deleted usernames go
back into the name pool but I've been trying for 4 years to reestablish
an old account at Gmail using my old name. It's not assigned to anyone;
else. SMTP testing to login and specify my old e-mail address in the
RCPT-TO command would not return an error if the account existed (since
that's the handshaking needed to an SMTP server to deliver e-mail to the
specified username at the target domain), so it doesn't exist but I
cannot create a new account with that old still-recorded deleted
username.

So, for the Yahoo account, if she's closed the account, there's no
waiting 90 days for actual account deletion. It's gone NOW.

> As an aside, I have had a Yahoo account for several years but I have only
> used it enough to keep it active. My password is a fairly common 6 letter
> word. I will change that immediately! I hope I'm smart enough to record
> what I changed it to somewhere where I can find it if the need comes up.

I have 1 old Yahoo account and 6 old Hotmail accounts that I still want
to keep (so others can't use my name as their username). These are free
accounts. If you don't login then the idle account eventually gets
auto-deleted. I changed the region to Asia for my Yahoo account, an old
trick, so I can enable POP. Hotmail added POP access a couple years
ago. So I have my Gmail account poll via POP those old Yahoo and
Hotmail accounts to keep them alive.

I use Gmail because its inbound spam filtering is excellent. So you
have the spam filter at Yahoo and Hotmail with e-mails getting yanked to
the Gmail account which also applies its spam filter. Chaining Gmail
into the e-mail chain is some folks employ a server-side spam filtering
scheme rather than adding more software on their computers. My rules
look for e-mails not addressed to me based on which account they come
through. Since all those Yahoo and Hotmail e-mails, of which there are
extremely few in an entire year, aren't to my Gmail address, my Gmail
"not sent to me" rule for my Gmail account will Junk all those other-
account e-mails.

Gmail will let you poll via POP up to 5 other accounts. If you have
more than than, create another Gmail account and have it poll another 5
accounts - but alter the first Gmail account so its last (5th) other-
account that it polls is your 2nd Gmail account. So you can chain
together a bunch of Gmail accounts together with each polling up to 4
other POP accounts (with the last one in the chain capable of polling up
to 5 other accounts).

Since they are idle accounts, I configured the Hotmail accounts for
"exclusive" access. That means no one except senders listed in my
contacts list or Safe Senders list will get their e-mails into my Inbox.
All other e-mails are immediately discarded upon delivery. Yahoo
doesn't have a similar feature so I used 2 rules: one looks for an long
oddball string in the Subject header followed by another that looks for
the absense of that long oddball string. Both rules delete an e-mail
that matches. So if an e-mail doesn't have the string then it's deleted
and if does have the string then it's also deleted. Whenever I choose
to use those keep-alive accounts, I'll just reconfigure to not be
exclusive mode or delete the paired exclusion rules.