Most free email services require you to sign in to the account at least once in a given time interval to keep the account active. Microsoft for instance requires users to sign in to Outlook.com every 270 days, and companies like Yahoo (365 days) and Google (270 days) require the same.
This does not necessarily mean that accounts will get deleted outright by the companies, but the possibility is there. Yahoo recently announced that it would redistribute old email addresses that were inactive for a prolonged period of time.
Now it has come to light that Microsoft is recycling Outlook.com email accounts as well. While new owners won't get any existing emails of the old owner, or contact information, or any other information of the old account, it is still important to note that this can be a security and privacy issue.
The core reason here is that the inactive email account may still be linked to accounts on the Internet. If someone else got hold of an email address, they can use the "resend password" option to gain access to those accounts. While the new owner does not know if there are any services that are linked to the account, it is likely that some may stumble upon them when they try to register for Internet services.
If they get an "email already in use" message when they try to register, they know that an account exists and that they may be able to recover it.
These accounts do not necessarily have to be inactive as well. A user may have used the email address to sign up for services on the Internet and for nothing more. The email address became inactive while the accounts may have been used regularly.
That is not the only thing that can happen though. New owners may receive emails addressed at the old owner of the email account. Since there is no protection in place to prevent this, it may happen that this happens.
What you need to do
There are two core options to protect your privacy and security.
- Don't let your email accounts become inactive.
- Unlink all services associated with the account, and notify all contacts about the change in email.
Don't let your email accounts become inactive
This is without doubt the easier option of the two. Just sign in once every 180 days or so and you should never have to worry about your account being made available again because of inactivity. If you do not want to remember passwords and usernames, use a program like Mozilla Thunderbird or a mobile email client to check emails.
Unlink services, notify contacts
Even if you do not want to use the account anymore, you still have the option to sign in every 180 days to protect it from redistribution.
If you want to get rid of the account completely, you need to unlink all associated Internet accounts first. This is done by either changing the email address on the service's website, or by closing those accounts as well.
In regards to contacts: it is important to notify them about the change, so that they do not use the old email address anymore to contact you.