Contents
- Why Yahoo needs specific attention
- The 2025 Yahoo infrastructure consolidation
- Yahoo domain block configuration
- Collapsing the Yahoo family with queue-to
- Yahoo SMTP error code reference
- Handling TSS04 deferrals
- The Complaint Feedback Loop and Sender Hub
- smtp-pattern-list for Yahoo backoff
- Authentication requirements
- Yahoo incident diagnostic workflow
Why Yahoo needs specific attention
Yahoo is one of the most sensitive receiving environments for high-volume senders. It throttles aggressively, surfaces reputation problems through specific and recognizable error codes, and has a complaint feedback loop that, when used, gives operators early warning of reputation problems. PowerMTA's per-destination configuration makes it well-suited to Yahoo-specific tuning, but the tuning needs to reflect Yahoo's actual behavior rather than generic settings.
Yahoo also became substantially more important in 2025 because of an infrastructure consolidation that pulled Comcast and AT&T email into Yahoo's mail infrastructure. An operator who tuned PowerMTA for Yahoo two years ago and has not revisited the configuration is now under-tuned for a meaningfully larger share of their recipient base, because comcast.net and att.net addresses now route through Yahoo's servers.
This guide exists because Yahoo configuration is where generic PowerMTA setups most visibly underperform. The structure: the 2025 infrastructure consolidation and what it means, the Yahoo domain block configuration, collapsing the full Yahoo family with queue-to, the Yahoo SMTP error code reference, handling the TSS04 throttling code specifically, the Complaint Feedback Loop and the 2024 Sender Hub migration, smtp-pattern-list for automatic backoff, authentication requirements, and the diagnostic workflow for Yahoo deliverability incidents.
The 2025 Yahoo infrastructure consolidation
Two major changes in 2025 expanded what counts as Yahoo traffic for delivery purposes.
Comcast migration. Comcast announced it is phasing out its legacy Xfinity mail platform and progressively migrating comcast.net accounts to Yahoo Mail. Users keep their comcast.net addresses along with folders, contacts, and content, but the underlying mail infrastructure becomes Yahoo's. After migration, comcast.net mail access continues via Yahoo's web, app, and IMAP/SMTP servers.
AT&T migration. As of late June 2025, AT&T started updating MX records for its consumer domains to point directly to Yahoo's inbound mail servers at mx-att.mail.am0.yahoodns.net. AT&T consumer domains (att.net, sbcglobal.net, bellsouth.net, and others) now deliver through Yahoo infrastructure.
The operational implication for PowerMTA configuration: comcast.net and att.net addresses now behave like Yahoo addresses for delivery purposes. They throttle like Yahoo, return Yahoo error codes, and their complaints flow through Yahoo's CFL. PowerMTA configurations that treat comcast.net and att.net as separate destinations with their own throttling are now mismatched against reality, because Yahoo's reputation systems evaluate all of this traffic together.
The substantive consequence: the PowerMTA Yahoo domain block should now collapse a wider family of domains, and operators sending substantial volume to comcast.net or att.net addresses should verify their configuration reflects the consolidation.
Yahoo domain block configuration
A reasonable Yahoo domain block for warm dedicated IPs:
domain yahoo.com {
max-msg-rate 2500/h
max-msg-rate 75/m
max-conn-rate 15/m
max-smtp-out 5
retry-sequence 15m,30m,1h,4h,8h
retry-max-time 2d
backoff-retry 1h
backoff-after 5 errors
smtp-pattern-list yahoo-throttle
}
The substantive choices: max-smtp-out at 5 because Yahoo is sensitive to concurrent connection count (more connections produce errors); patient retry-sequence because Yahoo throttling persists and aggressive retry is counterproductive; backoff-after at 5 errors so backoff mode triggers early when Yahoo signals throttling; smtp-pattern-list referencing a Yahoo-specific pattern set (covered below).
For new or unproven IPs in warmup, the rates should be substantially lower. Practitioner observation suggests Yahoo's default inbound rate for unproven IPs is around 100 emails per hour, scaling up as reputation builds. A warmup Yahoo domain block:
domain yahoo.com {
max-msg-rate 100/h
max-conn-rate 5/m
max-smtp-out 2
retry-sequence 30m,1h,4h
backoff-after 3 errors
}
The warmup rate increases gradually over the warmup period, roughly doubling weekly as the IP proves itself, until reaching the warm-IP rates above.
Collapsing the Yahoo family with queue-to
Given the 2025 consolidation, the Yahoo family of domains that should share unified throttling has grown. The full collapse pattern using queue-to:
domain yahoo.com {
max-msg-rate 2500/h
max-conn-rate 15/m
max-smtp-out 5
retry-sequence 15m,30m,1h,4h,8h
backoff-retry 1h
backoff-after 5 errors
smtp-pattern-list yahoo-throttle
}
# Classic Yahoo family
domain ymail.com { queue-to yahoo.com }
domain rocketmail.com { queue-to yahoo.com }
domain yahoo.co.uk { queue-to yahoo.com }
domain yahoo.fr { queue-to yahoo.com }
domain yahoo.de { queue-to yahoo.com }
domain yahoo.es { queue-to yahoo.com }
domain yahoo.it { queue-to yahoo.com }
domain yahoo.ca { queue-to yahoo.com }
domain yahoo.com.au { queue-to yahoo.com }
# AOL (Yahoo-owned, same infrastructure)
domain aol.com { queue-to yahoo.com }
domain aim.com { queue-to yahoo.com }
# Comcast - migrated to Yahoo Mail in 2025
domain comcast.net { queue-to yahoo.com }
# AT&T consumer domains - MX now points to Yahoo
domain att.net { queue-to yahoo.com }
domain sbcglobal.net { queue-to yahoo.com }
domain bellsouth.net { queue-to yahoo.com }
domain ameritech.net { queue-to yahoo.com }
domain pacbell.net { queue-to yahoo.com }
All of these domains route through the yahoo.com queue with unified throttling counters. This matches Yahoo's reputation reality because Yahoo evaluates all of this traffic together at the IP level regardless of which recipient domain the messages target.
If your PowerMTA Yahoo configuration predates mid-2025, it almost certainly treats comcast.net and att.net as separate destinations with their own throttling. After the migrations, this is wrong: those addresses route through Yahoo infrastructure and Yahoo throttles them together with yahoo.com traffic. An operator sending substantial volume to comcast.net or att.net addresses without queue-to consolidation will see Yahoo throttling that appears to come from yahoo.com but is actually driven by combined volume across the consolidated family. Add the comcast.net and att.net family domains to the queue-to consolidation.
Yahoo SMTP error code reference
Yahoo communicates deliverability problems through specific SMTP error codes. Recognizing them lets operators respond before problems escalate.
| Code | Type | Meaning | Response |
|---|---|---|---|
| TSS04 | 4xx deferral | Throttled due to volume or complaints | Reduce volume, check complaints |
| TS01 | 4xx deferral | Generic temporary deferral | Retry normally, monitor pattern |
| TSS09 | 4xx deferral | Throttle variant | Reduce volume, review reputation |
| 421 4.7.0 | 4xx deferral | Connection-level deferral (often with TSS04) | Reduce connection rate and volume |
| 554 5.7.9 | 5xx rejection | Policy block, permanent | Full audit, gradual re-warm |
| From domain does not resolve | 4xx/5xx | DNS issue with visible From domain | Verify A, MX, TXT records resolve |
The general pattern: 4xx codes (TSS04, TS01, TSS09, 421) are warnings indicating throttling, not blocks; if sending behavior does not improve, throttling escalates to rejection. 5xx codes (554 5.7.9) are permanent rejections meaning Yahoo has blocked the domain or IP, and recovery requires a full audit and gradual re-warm.
The escalation path matters: TSS04 caught early and addressed with volume reduction resolves cleanly; TSS04 ignored escalates to 554 5.7.9 permanent rejection that requires the much more painful full re-warm recovery.
Handling TSS04 deferrals
TSS04 is Yahoo's most common throttling code. The full code text: "421 4.7.0 [TSS04] Messages from [IP] temporarily deferred due to unexpected volume or user complaints".
TSS04 is the classic warmup and complaint-spike throttle. Yahoo slows deliveries when an IP expands sending too quickly or after complaint rates rise. The recovery procedure:
Step 1: reduce volume immediately. Lower the max-msg-rate in the PowerMTA yahoo.com domain block by 30-50%. If currently at 2500/h, drop to 1250-1750/h.
Step 2: verify the CFL is enrolled and processing. TSS04 explicitly cites user complaints. If the Complaint Feedback Loop is not enrolled or ARF reports are not being processed into the suppression list, complainers continue receiving mail and complaining. Verify CFL enrollment and suppression processing.
Step 3: verify authentication. Confirm SPF, DKIM, and DMARC alignment for every sending domain. Yahoo weights authentication and misalignment contributes to throttling.
Step 4: scrub recent imports and low-engagement cohorts. Sending to unengaged Yahoo recipients drives complaints. Remove recent list imports of uncertain quality and low-engagement subscriber segments before resuming full volume.
Step 5: segment and prioritize engaged recipients. During recovery, send only to highly engaged Yahoo recipients (recent openers and clickers, ideally 7-30 day engagement window). The strong engagement signals help reputation recover.
Step 6: monitor and resume gradually. Watch for TSS04 frequency dropping. Resume normal volume gradually over several days, not immediately.
If TSS04 codes appear consistently and are not addressed, do not ignore them. The escalation from TSS04 deferral to 5XX permanent rejection is real, and recovery from a 5XX block requires the much more involved full audit and gradual IP re-warm.
The Complaint Feedback Loop and Sender Hub
The Yahoo Complaint Feedback Loop (CFL) is a free program that forwards complaints from Yahoo users who mark messages as spam. When a Yahoo user reports a message as spam, Yahoo sends the sender an ARF (Abuse Reporting Format) report so the sender can suppress that recipient from future campaigns.
The 2024 migration. Yahoo significantly changed the CFL in 2024. The old FBL was decommissioned and a new Sender Hub Dashboard interface was introduced. Critically, senders who were enrolled in the old FBL had to re-enroll through the new system, otherwise they stopped receiving complaint reports entirely. An operator who set up Yahoo FBL years ago and has not touched it since may have silently lost complaint visibility when the old FBL was decommissioned.
Enrollment process. The current process: create a Sender Hub account at the Yahoo senders portal, add and verify your sending domains, enroll the verified domains in the CFL through the Manage Services then Complaint Feedback Loop section.
DKIM requirement. The CFL only supports DKIM-signed email. Yahoo uses the DKIM signature to determine the actual sender of a message. Email that is not DKIM-signed cannot be enrolled in the CFL.
Domain-based only. The CFL is now domain-based. IP-based and CIDR-based feedback loops are no longer offered. Each domain you want complaint data for must be individually enrolled.
PowerMTA integration. The ARF reports from the CFL arrive at an enrolled address. PowerMTA can process incoming ARF messages and write f-type accounting records, and the application layer (MailWizz feedback-loop-handler, or custom processing) reads the complaints to update the suppression list. Complainers should be suppressed within 48 hours, which both improves reputation and is expected behavior for compliant bulk senders.
The CFL is one of the most underused Yahoo tools. Senders who skip it lose visibility into the complaint rates that directly drive their Yahoo reputation, and they are flying blind into exactly the TSS04 throttling that complaint monitoring would predict.
smtp-pattern-list for Yahoo backoff
PowerMTA's smtp-pattern-list lets operators define response patterns that automatically trigger backoff mode. A Yahoo-specific pattern set:
<smtp-pattern-list name="yahoo-throttle">
pattern "TSS04" backoff
pattern "TSS09" backoff
pattern "TS01" backoff
pattern "421 4.7.0" backoff
</smtp-pattern-list>
domain yahoo.com {
max-msg-rate 2500/h
max-conn-rate 15/m
max-smtp-out 5
retry-sequence 15m,30m,1h,4h,8h
backoff-retry 1h
backoff-after 5 errors
smtp-pattern-list yahoo-throttle
}
This configuration tells PowerMTA: when delivering to yahoo.com (and the queue-to consolidated family), if a response contains TSS04, TSS09, TS01, or 421 4.7.0, enter backoff mode automatically. The automatic backoff prevents PowerMTA from continuing to hammer Yahoo at full pace while Yahoo is signaling throttling, which is exactly the behavior that escalates TSS04 into 5xx blocks.
Operators can expand the pattern list as they observe additional Yahoo response patterns in their accounting logs. The smtp-pattern-list is most valuable for Yahoo specifically because Yahoo's throttling codes are well-defined and the automatic backoff response is exactly correct.
Authentication requirements
Yahoo's bulk sender requirements (in effect since February 2024) and the CFL's DKIM requirement make authentication non-negotiable for Yahoo delivery.
SPF. The sending domain's SPF record must authorize the PowerMTA outbound IPs. Use -all (hard fail) for production senders.
DKIM. Every message must be DKIM-signed. PowerMTA signs via the domain-key directive in the VMTA configuration. DKIM is required both for Yahoo's bulk sender compliance and for CFL enrollment (Yahoo uses the DKIM signature to identify the sender).
DMARC. A valid DMARC record is required for the sending domain. Yahoo's bulk sender requirements mandate DMARC at minimum p=none, with the broader expectation that senders progress toward enforcement.
rDNS. Reverse DNS for the PowerMTA outbound IPs must resolve to a hostname, and that hostname should forward-resolve back to the IP (forward-confirmed reverse DNS). Yahoo checks rDNS and missing or mismatched rDNS contributes to deliverability problems.
One-click unsubscribe. RFC 8058 one-click List-Unsubscribe is required for bulk senders. It also reduces complaints by giving recipients an easy alternative to the spam button, which directly helps the TSS04 complaint-driven throttling.
The substantive point: Yahoo deferrals frequently trace back to authentication problems even when the visible symptom is TSS04 throttling. Verifying complete authentication is a standard early step in any Yahoo deliverability investigation.
Yahoo incident diagnostic workflow
The procedure when Yahoo delivery degrades:
Step 1: confirm the symptom. Query PowerMTA accounting for t-type records to the yahoo.com queue over the past few hours. Check the dsnDiag for the specific error code.
Step 2: identify the error code. TSS04, TSS09, TS01 indicate throttling (volume or complaints); 554 5.7.9 indicates a permanent block; From-domain-does-not-resolve indicates a DNS issue.
Step 3: check which IPs are affected. Query accounting grouped by source IP. If one IP shows the throttling and others do not, the issue is IP-specific reputation; if all IPs show it, the issue is domain-wide or volume-wide.
Step 4: check complaint data. Review the CFL ARF reports for recent complaint rate. If complaint rate has risen, that explains TSS04. If the CFL is not enrolled, enroll it (the lack of complaint data is itself a problem).
Step 5: check authentication. Verify SPF, DKIM, DMARC, rDNS for the affected sending domain. Use mail-tester.com or similar to confirm authentication is correct.
Step 6: check the queue-to consolidation. Verify the PowerMTA config collapses the full Yahoo family including the 2025 comcast.net and att.net additions. Missing consolidation means combined traffic is being throttled separately.
Step 7: check Yahoo Sender Hub. Review the Yahoo Sender Hub Dashboard for reputation signals and any specific guidance Yahoo provides about the sending domain.
Step 8: take corrective action. For TSS04, reduce volume, process complaints, scrub low-engagement recipients, segment to engaged recipients. For 554 blocks, begin a full audit and gradual re-warm. For authentication issues, fix the authentication.
Step 9: monitor recovery. Watch TSS04 frequency over the next 24-72 hours. Decreasing means corrective action working; persistent means the underlying cause is not yet addressed.
An operator we worked with reported "comcast.net deliverability suddenly degraded" in late 2025 with no obvious cause. Their PowerMTA config had a separate comcast.net domain block with its own throttling, set conservatively, and the comcast.net throttling looked fine in isolation. The investigation revealed the cause was the Comcast migration to Yahoo Mail: comcast.net addresses now route through Yahoo infrastructure, and Yahoo was throttling the operator's IPs based on combined volume across yahoo.com plus the now-consolidated comcast.net traffic. The operator's yahoo.com volume plus comcast.net volume together exceeded what Yahoo's reputation systems tolerated, but because the PowerMTA config treated them as separate destinations, neither individual domain block's throttling reflected the combined reality. The fix was the queue-to consolidation: collapse comcast.net (and att.net family) into the yahoo.com queue with unified throttling. After consolidation, the combined throttling matched Yahoo's reputation reality and the deliverability stabilized. The lesson: the 2025 Yahoo infrastructure consolidation is not just trivia, it directly affects how PowerMTA should be configured, and operators who have not updated their config since the migrations have a real mismatch against current reality.
Yahoo delivery configuration in PowerMTA rewards specific attention because Yahoo is a sensitive receiving environment with well-defined throttling behavior. The domain block with appropriate conservative throttling, the queue-to consolidation that now includes the migrated Comcast and AT&T families, the smtp-pattern-list for automatic TSS04 backoff, complete authentication, and CFL enrollment through the current Sender Hub interface together produce reliable Yahoo delivery. The 2025 infrastructure consolidation means operators must revisit Yahoo configuration even if it worked before, because the definition of Yahoo traffic expanded. Operators who keep Yahoo configuration current handle the inevitable TSS04 events gracefully; operators running stale configuration discover the mismatch during a throttling incident.