A bad phishing experience prompted a CNET writer to come up with an interesting plan to consolidate contact lists to reduce the chance of similar problems:
The contact-list hijacking got me thinking about the best way to prevent a recurrence. Because part of my job is testing e-mail, I have more accounts than I need, including three different Gmail accounts, two Outlook.com accounts one the former Hotmail account, a Yahoo Mail account, and accounts with two different ISPs.
All the Web mail accounts had contact lists, although I had already deleted the addresses from Hotmail. In an attempt to reduce the overall risk, I ditched the duplicates and consolidated the contacts into a single address book. By removing the contact lists from the Web mail accounts and switching my primary address from Gmail to an ISP address, there would theoretically be only one point of access to the addresses.
In terms of functionality, theres not much difference between Web mail and ISP mail, although there are some trade-offs. For example, my ISPs mail system lacks Gmails options for managing your inbox and contact list. On the other hand, the ISP mail window is ad-free.
Some people claim Gmail and other Google services constitute a privacy threat, but most experts consider the risk minimal, especially compared to the privacy threats posed by such industries as banking and health care, not to mention the government.
To convert the Gmail, Yahoo Mail, and Outlook.com accounts to receive-only, I forwarded their incoming mail to the ISP account. I use the ISP address to reply to most messages and to send new messages, so that’s the only account that needs a contact list.
There’s no guarantee the ISP account wont be hacked at some time, but reducing the number of occurrences of each contact narrows the target for phishers.
via Deter phishing attacks by consolidating your contacts | How To – CNET.
The author goes on to explain how he went about reducing the risk. It seems like you could get a comparable security improvement by consolidating in the account you considered safest, not necessarily an ISP account.