by MisterWalter 3534 days ago
I worked at a school helpdesk for a while, and I saw that whenever school email accounts were hacked, the attackers would set up forwarding to some other account. People wouldn't notice the forwarding for weeks or longer, and would only come in to us by chance. In the meantime, a lot of information could be siphoned off.

There could be some legitimate security concerns there, especially since most Yahoo accounts don't have a convenient and free help desk to stop by, right?

(Disclaimer: I am only a novice when it comes to security, I could be totally off base)

1 comments

There is a very easy solution to this, which I believe Gmail employs: Place a very noticeable banner on the inbox when all your email is being forwarded to another address.
I forward everything that _does not_ match a specific string using the filter feature in Gmail, and I get no such banner. It is a company-owned email, with a custom domain and such, but should not differ in this case.
The banner only shows for a week after you set it up.
That's assuming everyone composes e-mails through the web UI. Maybe they don't want to make that assumption.
Should just auto reset forwarding when a password reset is done.
We had such an attack recently; the banner disappears after a time (also, users don't read banners).
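An added example, not from any commenter in this thread: a helpdesk-side audit that flags forwarding to outside domains, covering both account-wide forwarding and the filter-based forwarding mentioned above, plus the suggested clearing of forwarding on password reset. The `Mailbox` record, the domain names and the sample accounts are constructed assumptions, not any mail provider's API.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class Mailbox:
    # Hypothetical record of one account's settings, not any provider's API.
    address: str
    auto_forward_to: Optional[str] = None                      # account-wide forward
    filter_forwards: List[str] = field(default_factory=list)   # per-filter forward targets

def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()

def external_forwards(mb: Mailbox, trusted: Set[str]) -> List[Tuple[str, str]]:
    """List (kind, target) for every forward that leaves the trusted domains."""
    targets = [("auto_forward", mb.auto_forward_to)] if mb.auto_forward_to else []
    targets += [("filter", t) for t in mb.filter_forwards]
    return [(kind, t) for kind, t in targets if _domain(t) not in trusted]

def audit(mailboxes: List[Mailbox], trusted: Set[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map address -> external forwards, only for accounts that have any."""
    report = {}
    for mb in mailboxes:
        found = external_forwards(mb, trusted)
        if found:
            report[mb.address] = found
    return report

def reset_password(mb: Mailbox) -> List[str]:
    """Clear all forwarding as part of a password reset; return what was removed
    so the owner can re-add anything legitimate."""
    removed = ([mb.auto_forward_to] if mb.auto_forward_to else []) + mb.filter_forwards
    mb.auto_forward_to, mb.filter_forwards = None, []
    return removed

# Constructed sample data.
TRUSTED = {"school.example"}
MAILBOXES = [
    Mailbox("alice@school.example"),
    Mailbox("bob@school.example", auto_forward_to="drop@mail.example"),
    Mailbox("carol@school.example", filter_forwards=["box@mail.example"]),
    Mailbox("dave@school.example", auto_forward_to="archive@school.example"),
]

if __name__ == "__main__":
    for address, found in audit(MAILBOXES, TRUSTED).items():
        print(address, found)
```

Running an audit like this on a schedule does not depend on a banner being shown or read.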