Yahoo Mail should scan inbound & outbound mail & block malicious attachments, links, ads & external content. TLS should be enforced in sending & receiving of mail between addresses & cert checking & blocking of spoofed email or certs. DNSSEC should be used in Yahoo Mail servers & also malicious sites removed Yahoo ads or search results & malicious emails should be automatically put in spam or blocked & TLS signature & wither email was was received via TLS should be displayed including if the email is malicious. Better SPAM protection is needed to prevent account phishing emails.