Microsoft recycling Outlook email accounts; not mentioned in service agreement

Microsoft's Outlook.com service has been live for over a year now, but it looks like people who don't sign into their Microsoft Account in a timely fashion could find that their email addresses are freed up after a period of nearly a year.

According to PCWorld, Microsoft's service agreement does day that users must sign onto their Microsoft Account at least once every 270 days. If they don't, the agreement says their access could be canceled and their online data might be deleted. However, that same public agreement says nothing of Microsoft allowing others to access that now unused email address again.

A Microsoft statement claims "the email account is automatically queued for deletion from our servers. Then, after a total of 360 days, the email account name is made available again." Yahoo was recently found to be recycling email addresses to other users and got hit with critics who said that could be a security issue. Google says that it does not recycle Gmail addresses, even if a user deletes an account from their service.

Microsoft did not indicate if it plans to add a section in its online service agreement about their policy of recycling Outlook email addresses. In a statement, the company did say, "We listen closely to the feedback we receive from customers, and are always evaluating how to ensure Outlook.com is the best email service available."

Source: PCWorld | Image via Microsoft

Report a problem with article
Previous Story

NeoBytes :) Jimmy Fallon offers us more of Bill Gates' regrets

Next Story

Sony: PS4's DualShock 4 controller will offer basic functions on Windows PCs

48 Comments

Commenting is disabled on this article.

I registered my name @hotmail.com as it was freed up. I'm getting these weird bank statements, however I just blocked them.

How does it work?? surely when the account is activated by a new person they are going to be instantly receiving spam and any sites/mailing lists that don't remove the email address after time would continue sending to the address too

What happens when you get an address of someone who has died?? Some sites require a unique address and the only way to fix it would be to reset the password then login to the site and deactivate if possible and re join, or use the dead persons account lol.

Not a big deal at all and people even on this site who get the name they want but never use it, this recycling is ideal for others who might actually use them. You don't use it in 9 months you obviously don't care and you can easily log in on something within that time if you want to keep it.

The problem is, outlook.com is not just an email account. It's also your windows, xbox, office 365 and skype account. What if a person gets sick and is not able to login inside that 270 days period? What happens then?

Unable to log in within 270 days, really? That's roughly 9 months. Why would anyone have a Windows/XBox/Office 365/Skype account that they won't use for 9 months?

I mean, I guess in theory you could be in a coma for 9 months?? But seriously, 270 days is plenty of time.

If you're incapacitated for a year, checking your e-mail would not be very high on the priority list when you recovered.

If the address got recycled, then everything tied to that account would be deleted also. If you're using the account for those things you mention, then that counts towards the usage counter. If you dont use Xbox, Office 360, Skype, Outlook, etc for 270 days, then quite clearly you don't want or need the account any more.

Relativity_17 said,
If you're incapacitated for a year, checking your e-mail would not be very high on the priority list when you recovered.

How many people in this day and age do not have their account on a mobile device of some kind AND find themselves unable to log on for 9 months or more? Not many at all I'd wager. This is a non-issue.

Doomguy- said,
The problem is, outlook.com is not just an email account. It's also your windows, xbox, office 365 and skype account. What if a person gets sick and is not able to login inside that 270 days period? What happens then?

I assume that person will have to assign a new email to his account. It sucks, but if you've been in a coma for 9 months, I assume losing your email address isn't the biggest of your worries.

Also, the 360 day cool down is a period you can reclaim the 'lost' email address. Data will however still be lost.

So if for some reason you end up not being able to login for over 600 days.... then just give it to someone else who would want it, or pay for a subscription.

Relativity_17 said,
If you're incapacitated for a year, checking your e-mail would not be very high on the priority list when you recovered.

Unless I was in a coma, being incapacitated is exactly when I'd be checking my email a lot more.

When I had cancer, I didn't check my email for over five months because I was so sick. If I hadn't gotten better it could have been much longer.

When I had cancer I had all the time in the world to check my email and go online.
In fact, while in the hospital receiving chemo, if I hadn't have been able to I would have died of boredom

I agree, I mean, how long is it before we all start using serial numbers like Captcha for our damn accounts! Our kids will be like "aaawww snap! Aw3somHaxX0r is all ready taken!"

But in all seriousness, I agree. The only bad thing is of course how to stop email intended for the original recipient is filtered from the old one. Maybe a new email standard, where each account is a unique hash, tied to a conventional name?

I think that was to be expected.

As far I as know, Hotmail did that for years, I read it somewhere on Microsoft's web pages.

Noting more then logic, if someone uses his account not for over 270 days, it's probably nothing important and someone else should be able to use that name.

Yahoo do did this, with GREAT success, yeah a total fcuk up by Yahoo.
WTF Microsoft? Have you not learned nothing from Yahoo's mistake?

Imagine if your old account was associated with your back and you had forgotten, because of M$'s dumb decision, the user owner of your olf eMail account could recover the password for your back.

BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT! BAD MICROSOFT!

Do you need somebody from Microsoft to come and whipe your bum as well !!! Please let's have some measure of personal responsibility and either not let our account lapse or don't use Outlook for banking details - not that any bank should be sending login details to any email account.

Do bionic backs that need passwords exist now then?

Seriously though... if the account gets disabled, then it hasn't been used for 270+ days. That's 9 months. You'd have to be incredibly stupid for your bank (not back) to still have an old unused email address, in the same way that you'd be stupid for not updating them with a new mailing address.

That said, Depicus is correct... any bank that sends logon details to an insecure email address don't deserve your custom.

Shadowzz said,
Also, MS has always done this with hotmail, nothing new.
Exactly, which is funny because one time it let me get access to someone else's gmail account which they were actively using... It's a fantastically smart idea to set your account's recovery options to an email you haven't checked for a year!

Pluto is a Planet said,
Exactly, which is funny because one time it let me get access to someone else's gmail account which they were actively using... It's a fantastically smart idea to set your account's recovery options to an email you haven't checked for a year!

hehe, well my Outlook/Hotmail account is locked to my gmail, and my gmail account is locked to my outlook account for recovery options, since for both secret answer+question is total gibberish
but that's people's own mistake IMO.

I don't see why this is a problem.... if you don't check your email for 270 days, you clearly do not use or want the account. That said, the new owner will continue to receive spam that the previous user receives, although Outlook's anti-spam filter is pretty damned good these days. I used to get upwards of 50 spams a day, now I'm unlucky if 1 or 2 get into my inbox.

It is 270 days marked for deletion...and from the looks from the article, another 360 days before the account is available for sign up again.
So 270 + 360 = 630 days

TCLN Ryster said,
That said, the new owner will continue to receive spam that the previous user receives, although Outlook's anti-spam filter is pretty damned good these days.

Spam isn't the biggest issue, as people will have signed up for various sites and newsletters. It's not a new account and therefore there are likely to be issues associated with it. For starters, it's quite likely the previous owner will have signed up to popular sites with the email address.

I'm worried about the implications for websites that store your credit card details. If you forget about your email account and it gets recycled then that person can potentially find websites where that address has already been registered (Amazon, etc) and trigger a password reset. Then they have access to your account.

They've always done it. And also if they didn't there we would run out of email addresses...

Tons of private stuff get sent through regular mail too, and it's your responsibility to make sure you update your information when you move. No different here.

They do this, because there is no reason to keep data that you don't even care to use for 270 days.

Plus, it is almost like you reserve the space, with no intention to ever use it. In that case, why can't someone else be allowed to actually use it and be benefit from your "inactivity?"... after all, you did not pay.

I used to work for Microsoft Windows Live Contacts team, and I can tell you that if you pay, yeah you can keep it and leave it inactive for as long as you like, but if you did not pay and simply sign up for free and then stop using it, we have a backend job that would mark your record for hard deletion, after x number of days.

Back in my time, each team had different min limit (min of x days before deletion). Hotmail had it own limit, Live Contacts had its own limit. etc. Live Account/Microsoft Passport also had its own limit. After the reorg and merging with Skype, not sure abou t what it is like now.

Edited by ThunderRiver, Oct 5 2013, 10:02pm :

Spicoli said,
It's because people run scripts to allocate a ton of addresses and then never use them.

I think this policy should be removed, once there's the proof that the mail box has been enough used. Or the period for automatic removal extended.

@bigmehdi. Why? If you don't use your email address (don't log into the account) for 1 year, you obviously don't need it...

bigmehdi said,

I think this policy should be removed, once there's the proof that the mail box has been enough used. Or the period for automatic removal extended.

Isn't a year of no access enough proof that it's not being used?

Spicoli said,

Isn't a year of no access enough proof that it's not being used?

A user could change his mind . Or have an accident.
Frankly the wasted resources by non-used accounts are minimal.

its always good practice, to try ask for 'lost password' on any known internet services using newly acquired email address.

You may manages to assumes a 'new' identity that way

Thank you Microsoft.

Torolol said,
its always good practice, to try ask for 'lost password' on any known internet services using newly acquired email address.

You may manages to assumes a 'new' identity that way

Thank you Microsoft.


You can ask a bank to mail you a new credit card, a new pin code. You can can ask social security to send you a replacement card through the mail. Etc etc etc

When I move houses it's not like the mailing address of my old house changes to prevent people stealing my identity. Should we start changing house/street numbers and names everytime someone moves to prevent this happening? Of course not.

It's YOUR responsibility to make sure that when you move / stop using a service that you update your information accordingly. Not Microsoft, Yahoo, USPS etc.