It depends on who’s looking.
Emptying the trash is a good approach to making sure messages you’ve deleted stay that way.
Naturally, there is an exception you need to be aware of.
Become a Patron of Ask Leo! and go ad-free!
For the average email user, email in a trash folder or recycle bin is quickly recoverable. Once those folders are emptied the email is gone for good. However, the provider could be required to turn over email stored in their backups to law enforcement if there is sufficient cause. How long those backups are kept, or even what they contain, is unknown and probably varies from provider to provider.
Trashing your email: gone for good
If you click Empty Trash or Empty Recycle Bin, you won’t be able to recover any messages that used to be in there. Gone is gone.
The good news here is, the same is true for a hacker. Not only would they not be able to recover the former contents of your trash, but they wouldn’t have any indication there was anything there to begin with.
Many desktop-based email programs offer the option of automatically emptying the trash when you close the program. While this is mostly an effort to save disk space, it also makes recovery of those messages harder.
Web-based email services like Yahoo!, Gmail, Outlook.com, and others typically leave messages in your trash or recycle bin for only so long — like 30 days — before deleting them permanently. I’m not aware of any automated immediate “empty the trash on exit” functions for web email, though, so you’ll need to do that manually if it’s what you want.
Is it really gone for good?
Remember that email providers — in your case, Yahoo! and Gmail — back up their servers.
While you and I wouldn’t be able to access the email that used to be in our trash, it’s possible someone at the email provider could. For example, they might be able to access it from a backup taken before you deleted it, or other resources they maintain that we simply don’t know about.
Generally, this isn’t a huge risk when we consider hacking. It would take a rogue employee, or someone actually hacking into the data center and then knowing where to look, to find those backups. I consider this malicious scenario extremely unlikely.
But there’s another scenario people often don’t think about.
The long arm of the law
Let’s say an email may be of interest to law enforcement or the legal system. In fact, let’s say it’s an email you deleted and then emptied your trash, so even you wouldn’t be able to recover it.
Email providers are often compelled by court orders to retrieve data.
We don’t know how often — they don’t publicize the requests — and we don’t know if those requests include digging into backups. We don’t even know how long email providers keeps backups.
But the point is, in theory, an email provider could be compelled to recover messages you had removed from your trash.
To be clear, it’s not something they do lightly. If you asked them to recover one lost message, they’re more likely to tell you “tough luck” and that the data is gone forever.
But if what you’re concerned about has legal, political, or other ramifications, it is conceivable they could recover a deleted email message.