This is a rather well known hole in yahoo mail, but it still needs to be fixed. If you looked you could pick out the scam, but most people do not look at the url of each site before entering a password.

DISCLAIMER:
I take know responsiblility for any trouble you cause or get into eith the information and material.

The files are attached that you would need.

Setup:
Place loginproccesor.php, expire.htiml, login.html and password.text on a webpage.
assign the the link to expire in cheater.txt to the right spot.

How to use:

Send a letter to someone with the code in the attached cheater.txt pasted on the bottom. Thi makes a fake bottom control bar ehich has the functions of yahoo like move to, delete, reply, forward. It also places the real bar about three pages down. When they click on the fake bar it sends them to yahoo standard expire page were it asked them to click a link to sign in again. They sign in and their password a usersname are stores in passward.txt. Since they really did not sign out the loginprocess.php returns them to their yahoo account none the wiser. Yahoo should solve this by taking out any spacers at the end of an email that has nothing after it and removing any spacers over, say three consecutive in the message.