Hi community members!
Our Mail All-stars recently had the opportunity to have a Q&A session with our Mail Technical Program Manager CeCe.
Below you will find the transcript to the event. To access the answers you will need to click the Spoiler button below each question. We hope this may answer some of your burning questions as well as give insight into some of our technical issues.
We plan on doing more Q&A’s in the future so keep an eye out.
Q: Wow. Thanks. After reading CeCe's intro I wonder about free time. lol..
I think a question all of us have at some point is helping customers get back into their email accounts when they have lost or changed their phone number and don't know the password to their recovery email.
I don't want to raise false hope, but I also hate to tell them up-to-date recovery information is their responsibility and the account can't be recovered. They seem to think staff can magically fix it for them.
Thoughts or suggestions welcomed.
Q: I would like to know the following.
First, I do not have a smartphone. I know that there is a Yahoo mail app and there are others. I assume that the Yahoo app uses IMAP. When I refer to applications I am referring to a computer and a portable device.
What email applications can be used to access Yahoo with IMAP? I believe it was limited to Thunderbird and the Yahoo mail app at one time.
Can all email applications still use POP3?
Are any special settings or passwords required?
Exactly when is the "Allow apps that use less secure sign in" option required? How do we know what is less secure? Allow the verification to be done by email or phone with a choice if there are multiples.
I would like to recommend the following:
You currently require a backup phone number and/or email address. Many times people change one or the other and forget to update it online. You should require either both or multiple phone numbers and/or addresses.
You seem to require a code verification when using a different device. I read about one person that could not access the recovery email address since it was also on a different device. Each address required verification on the other.
The Yahoo Mail app actually does a web login (using HTTPS) like if you were just accessing from a browser instead of using IMAP.
Supported desktop email applications (we usually call them “clients”) are the latest versions of Outlook (2013 and later), MacMail (8 or later), and Thunderbird (38 and later). I believe all of these can be configured with POP3 or IMAP, but definitely check with the manufacturer to be 100% sure. Non-Yahoo mobile apps typically default to IMAP. We support the latest versions of the native email apps for Android and iOS.
Older versions of Outlook, MacMail, Thunderbird, Android Email, and iOS Mail may still be able to access Yahoo Mail via POP or IMAP, but these would require setting up two-step verification and an app password as the older clients don’t use the latest authentication security.
Anyone who has two-step verification or Yahoo Account Key enabled, will need to generate an app password in order to configure their account in an email client. The app password allows the client to bypass the extra verification step of sending a text to your mobile/email to your recovery address.
Speaking from experience, IMAP is a more secure and reliable protocol than POP, so we always recommend users switch to IMAP. Currently, iOS Mail (for iPhone, iPad, iPod touch from Apple) is fairly buggy. We frequently see the app delete/move messages without input from the user, so for users with iOS devices, we strongly recommend using our Yahoo Mail app instead.
NOTE: The version numbers are liable to change without warning
Q: A few questions I had come up with
I have seen a few posts that say there is an issue with Outlook 2016 connecting to Yahoo mail. One poster said they were on a Windows 10 machine and everything was working fine when they originally set things up but a month ago something changed and now they have no connection and they are being asked to supply an app password.
I have been amazed at the number of people posting account recovery questions so much so that you wonder how many are genuine and how many are just spam. They seem to all go like my recovery phone number is not available either because the phone was stolen, lost, or they changed phones or providers and the recovery email address if they bothered to set one had not been accessed in years. I posted my own question about this here but had few responses but many views. I was also wondering if any other account recovery options were in the works from Verizon and how you could verify account ownership and maintain account security at the same time.
I was helping one person that said they logged into their account using a rocketmail.com email address but emails sent to that address bounced back as undeliverable with a 554 error. I figured that they may have reactivated an account that had been inactive for a long time. They told me that emails sent from this address were delivered with their correct name but with a yahoo.id address that he did not set up. I had him check to see what accounts may be attached to his account and the yahoo.id account is listed first and the rocketmail account is listed second. I found this baffling.
I have always wondered why Yahoo recycles email addresses instead of just marking them as unavailable. I saw one person that said they were able to create a new account using a previously used email address that they had last used five years ago. Can you provide any information on what happens once an account is marked as deactivated and how long Yahoo waits before starting the deletion process?
The amount of investigation it would take to determine what’s causing the authentication failure like the one you’ve described with Outlook 2016 just isn’t worth it. The quickest and easiest solution is to just create the app password. It’s possible the users encountering this issue turned on two-step verification or Yahoo Account Key unintentionally which caused the login prompt in Outlook.
It sounds like you were right on the money with the rocketmail account. Since new accounts can’t be registered with that domain, when the user reactivated the dormant account, the new mailbox was created based on the Terms of Service the user agreed to, in this case, sounds like
Q: CeCe, when you get to work in the morning, what is the first thing you usually have to attend to? Do you spend the first hour of each day "putting out fires"?
Actually, the first thing I usually do is see what kind of bugs or trending issues popped up from the Community team or Customer Care. If there’s anything I can fix, I do. If I can’t fix it, I try to gather as much info about the account/issue as possible then get it to the right team to resolve as quickly as possible.
My team is definitely the one responsible for putting out fires, but since we have team members across the globe, we don’t usually have a mountain of issues in our inbox when we come in. But when we see those temporary errors, you better believe that putting out fires is EXACTLY what it feels like.
Q: I had a question about security questions and answers. I remember receiving the email saying that Yahoo was moving away from using them as part of the account recovery process and that you would no longer be able to set new ones or edit existing ones. The email had instructions for deleting your existing security questions and for updating your account recovery options.
I have been reading questions where people are trying to recover an account and saw answering security questions as an option. When they chose that one of three things happened:
No answer was accepted as correct for either of the two questions ask. I realize the simplest explanation for this is they are not entering what they believe to be the correct answer correctly
The answer for question one was accepted as correct but the answer to question two was not
The answer to both questions was accepted as correct but they were cycled back to the beginning page of the account recovery process
So my question is for existing accounts that still have security questions registered is that still a valid account recovery option?
Q: Okay, going from the specific to the more general, what can we, the "Mail All Star Group" do to make things any easier for you?
This might be something that’s easier for the Community team to answer, but based on my time with Customer Care, I always recommended knowing the product inside and out. There’s a bunch of features that not everyone uses, but some users rely upon, like disposable email addresses, filters, folders, etc. Knowing the limits and best practices for using those features will definitely save the Community team some time.
For disposable email addresses, users are able to select one base name for the life of the account. Once it’s set, it cannot be changed. They’re able to create 500 disposable addresses using their base name + a keyword. As an example, one of mine would be firstname.lastname@example.org, where my base name is “ce_XXXX” and the keyword is “oldnavy”. Once they reach 500, they’ll have to delete some in order to create any new ones.
The maximum number of custom folders (including subfolders) a user can create is 491. I have no idea why it’s not just 500, but life is full of mysteries sometimes. When a user reaches the maximum number of folders, they’ll get an error message that’s something like: “Unable to create folder. Please try again later.” Unfortunately, trying again later won’t do them any good. We’re working on updating that error message to be more descriptive of the actual issue. When users get an error trying to create a folder, 99% of the time it’s because they’ve reached the max. Again, they’ll have to delete some before they can create any new ones.
Filters are another beast. The maximum number of filters is 1000. One of the important things to remember here is that our SpamGuard takes precedence over any user created filters. So if a user has a filter set to deliver messages with subject containing “pharmacy” to Trash, the message will end up in the Spam folder since our SpamGuard determined it was spam before it reached the user’s filters. The other critical thing about filters is the order they’re listed in is the order we’ll process them in. So back to my oldnavy example, if the first filter in my list is “If sender contains oldnavy, then deliver to Shopping folder” and further down the list I have a filter that says “If recipient is email@example.com, then deliver to Old Navy folder, all of those messages will end up in the Shopping folder, since the sender filter has priority over the recipient filter (and theoretically, all of those messages would have oldnavy in the sender’s address).
Q: This may be too early to speculate but with Yahoo Mail and AOL Mail being part of Oath/Verizon what do you think will happen with addresses and the web interface?
I would assume that addresses would not change. Maybe the AOL web interface will be removed and the Yahoo interface will be used for both. That is actually possible now.
Q: The last article I read said that Verizon was creating a subsidary combining the core buisinesses of Yahoo and AOL into a new unit called Oath. The signage I saw read "Oath: A Verizon Company". I could see that email addresses would not change but I wouldn't be surprised to see a new login address or something showing the new business unit on the login page.
It's possible that the login URL would change, but I’d assume that login.yahoo.com and mail.yahoo.com would still get you to the right place just like URLs that have stayed active over time from prior changes. At the moment we are not 100% sure what the plan or direction is for the site and email addresses.
More to come as we integrate the two businesses.
Q: I was wondering about best practices for looking up information in the Yahoo Help system. I'm sometimes frustrated that I can't find what I'm looking for in a direct search on the error message or subject topic but if I use a more indirect search for a similar topic I can sometimes back into the information I was originally looking for. I was wondering if there was one central place where error messages are congregated that we can refer to?
Q: Here's another question. A user I have been working with says he has both a recovery email address and recovery phone number listed on the Account Recovery page of the account he is trying to recover. He says when he goes through the account recovery process he recognizes both the phone number and the email address. He has selected each one to receive the account key code but the code doesn't arrive.
The thing that I think is causing this is that he says he never clicked on the Verify button after entering either the phone number or the email address on the Account Recovery page. I seem to remember something from years back on Yahoo Answers where someone else did the same thing. They were told if they saved the information on the Account Security page it would display as a account recovery option if they tried to recover their account but since they did not verify either option as a valid email address or phone number then no account key code would be sent.