tl;dr - You can get off Yahoo! Mail (or any other “free” email provider) by connecting a POP-capable mail client (like Thunderbird), downloading all your mail, getting a new mail server/service, ensuring all important emails go to the new account, and finally deleting your account.
Believe it or not, until recently I had an active ~18 year old Yahoo! mail account. A while ago after a few hacks that Yahoo! suffered, the Mail arm was sold to a company called Oath. Verizon acquired Yahoo! for a bargain (?) a bit ago, and for a while they’ve been asking for me to accept a changed user agreement that no doubt contains very different terms from which Yahoo! Mail operated under before. The phrase is overused now, but it really is true that in the recent economy, it’s very much the case that if you’re not paying for a product you (or your data/metadata) likely are the product. With this understanding, a knowledgable consumer’s is left to conduct the analysis of whether the services being rendered are worth the data that is being mined and other factors. For me this was an account I very rarely used, and this seemed like the perfect time to shut it down quietly. I run my own mail server which I’m sending more and more crucial mail to everyday (and maybe someday if I get tired of that I’ll just use ProtonMail), so I figured I’d rather start using that. For others, the choice might not be so clear – maybe it’s an “offshore” email that you only use for specific things? Maybe you just don’t care about companies mining email data or connecting metadata or whatever else – it’s a personal choice.
Well, enough tinfoil hattery, whether or not you choose to keep an email address at Yahoo! or any other provider (I still have GMail, for example) is up to you. This article is more about the process I went through if anyone else was curious just what it would take.
Figure out your next mail provider
Obviously, before you close down your current mail account(s), you’re going to want to pick your next email provider (or if it’s you, rent the servers, etc). As I mentioned, ProtonMail seems to be a reasonably trusted community choice these days, but you can also just spend a week or two learning about setting up a Postfix server, or use off the shelf solutions like Mailu that bundle everything together for you.
If you’re going to go the self-hostted route, this is the stuff you’ll likely need to be ready to do:
- Purchase a VPS (another trust issue here if you’re worried about security – assume all VPS providers are compromised)
- Read up on Postfix
- Set up DKIM/SPF records (via opendkim it’s pretty easy), and update DNS records so other SMTP servers can at least try to trust you trust you
- Harden your email server so you don’t forward spam (also, install spamassassin)
- Harden your email server so you are less likely to get hacked (at the very least, check & close unnecessary open ports, only use key-based auth with SSH, install fail2ban)
- Test your email infrastructure (make it as repeatable as possible or maybe check it into source control)
- Ensure your emails from the new infrastructure don’t go to spam on yahoo or other email providers, maybe enlist help of friends
While normally people might not recommend this route, I think it’s actually really important – the more people we have running SMTP servers and independent email servers, the less likely the technology (and the embrace of independent operation) dies out. The spec for SMTP is actually pretty simple, so you could read through it – but I wouldn’t necessarily recommend writing your own just because of the crazy amount of corner cases that exist (and because Postfix is almost certainly good enough). I’m working on a a project called postmgr that aims to make it easier to run Postfix (by wrapping/proxying it with a parent process), but I haven’t worked on it in quite a while. Either way, the more developers out there that have messed with mail servers the better – the more innovation, competition, and wacky side projects we’ll see in the space.
For those that don’t want to run their own ProtonMail seems to be well trusted compared to their rivals on Reddit (the mentioned rival was Tutanota). In the end, you have to give some amount of trust to these companies, but that’s always the case in some way or another.
Find and start moving important accounts that rely on the address
This gets harder if you’re getting lots of emails to the account you’re trying to replace, but try to track down (usually by just checking through recent emails the really important accounts on other sites that rely on this email address. Banking/financial websites are obviously near the top of the list, maybe big organizations you’re a part of, etc.
Set up POP email (Yahoo! specific)
This section is a bit Yahoo! specific since it’s what inspired this post but it shouldn’t be too different for other sites. In my case, a yahoo forums post lead me to a Yahoo Help post which cleared up why POP wasn’t working from Thunderbird immediately – the issue was that you had to enable “insecure” access for your Yahoo! account.
Download all your email via POP
Make sure you have enough space on whichever computer you’re using, and set up a Thunderbird POP account pointing at the POP-enabled email address you’ve just set up. When you attempt to open your email address and start viewing email, your client should start downloading copies of every single email you’ve received that the server has. This is your email backup – from here you can backup the email using the options in Thunderbird itself or the import export tools plugin.
- Use Pop3 via a mail client like Thunderbird (LINK) to download all your email from Yahoo (SCRENSHOT of add account screen)
RETR(LINK TO SPEC) command will fail a few times, but just click “Get Messages” in Thunderbird again, and confirm that the number of messages pulled is still going (I had to start from 2006!) wil
Start the process for deleting your account (Yahoo! specific)
For me, deleting my yahoo account meant visiting the relevant Yahoo! Help page – hopefully it helps for you. AccountKiller.com and JustDeleteMe maintain direct links of how to delete your account on various sites, hopefully your mail provider is on there.
Luckily the process went pretty smoothly for me and I’m now off Yahoo! Mail (or Oath Mail?). Later this year I’ll probably see if I can replicate this process for GMail and get off free email providers for good.