Yahoo Header Counteracts Email Address Recycling Nick Quinlan October 9, 2013 Best Practices, Technical // SUMMARIES ?> Yahoo Mail has started recycling email addresses. This led to a host of security and privacy concerns. As senders of transactional email, this was particularly scary to us, as we know our customers send privileged email every day, messages they wouldn’t want getting into the wrong hands. Luckily, Yahoo has given a way to counteract these concerns. In a recent proposal filed with the Internet Engineering Task Force (IETF), Yahoo put forth the idea of using an email header: Require-Recipient-Valid-Since. By using the RRVS header, you tell the email service provider (i.e. Yahoo), the last date you knew the address was valid. If the address has changed hands after the date you provided, the service provider will not deliver it. This prevents accidentally divulging privileged information to the wrong person. Typically, the timestamp included in the header will be the date at which the user clicked the email verification link you sent them. (You are verifying your user’s emails, right?) To use it you simply include the header along with the rest of the message headers, formatted as such: An email’s headers, then, would look as such: Having SendGrid insert this header, is easy, as seen below. Using SMTP As SendGrid’s SMTP, at its heart is just standard SMTP, you can simply add Require-Recipient-Valid-Since as you add any other header, just as above. Using the Web API Include a Require-Recipient-Valid-Since key in the headers list sent to the server. For example: POST https://sendgrid.com/api/mail.send.json POST Data …&headers[Require-Recipient-Valid-Since]=email@example.com;+Sat,+1+Jun+2013+09:23:01+-0700&… Using Client Libraries Our client libraries all provide ways to add a header to an email. You can find the precise way in their documentation.