Deliverability

Deliverability

Sender Requirements & Recommendations

A key mission of Yahoo is to deliver messages that consumers want to receive and filter out the messages they don't. The best way to ensure your messages are delivered is to send timely and relevant email to an active and engaged audience.


Follow these requirements and tips to help your mailings reach their intended audience.


For more sender best practices, read the Messaging Anti-Abuse Working Group's Senders Best Communications Practices Version 3.0 .

Email Sender Requirements

Note: Beginning in February 2024, enforcement of the following sending standards will take effect. Ensure you meet these requirements in order to avoid a negative impact to the delivery of your mail at Yahoo domains. Enforcement will be gradually rolled out, as we monitor compliance through the first half of the year. The requirements are subject to change, so please monitor our blog and this page for updates.

Requirements for All Senders:
  1. Authenticate your mail
    • Implement SPF or DKIM at a minimum
  2. Keep spam complaint rates low
    • Keep your spam rate below 0.3%
  3. Have a valid forward and reverse DNS record for your sending IPs
  4. Comply with RFCs 5321 and 5322
Requirements for Bulk Senders:
  1. Authenticate your mail
    • Implement both SPF & DKIM
    • Publish a valid DMARC policy with at least p=none - DMARC must pass
      • Including a “rua” tag, which is properly set up to receive reports, is strongly recommended to allow monitoring during initial setup
      • Relaxed alignment is acceptable
      • Ensure the domain in the From: header is aligned with either the SPF domain or the DKIM domain. This is required for DMARC alignment.
  2. Support easy unsubscribe
    • Implement a functioning list-unsubscribe header, which supports one-click unsubscribe for marketing and subscribed messages
      • The Post (RFC 8058) method is highly recommended
      • The mail-to: method is acceptable
    • Have a clearly visible unsubscribe link in the email body - this may direct to a preference page
    • Honor unsubscribes within 2 days
  3. Keep spam complaint rates low
    • Keep your spam rate below 0.3%
    • Spam rate is calculated in our system based on mail delivered to the inbox - keep this in mind when referencing CFL data and calculating the rate in your own system
  4. Have a valid forward and reverse DNS record for your sending IPs
  5. Comply with RFCs 5321 and 5322

Please refer to our FAQs and the additional recommendations below for more information.

Additional Recommendations for Senders

Send Emails customers want
  • Verify you're only sending mail to users who specifically requested it.
  • Honor the frequency of the list's intent. Don't start sending daily emails to subscribers of your weekly or monthly mailing.
  • Don't purchase mailing lists or subscribe users by having an opt-in checkbox automatically checked on your website.
Authenticate using SPF, DKIM, and DMARC
  • Yahoo strongly urges all senders to publish a DMARC policy for each domain that sends mail. For some senders, this is now a requirement (see above).
  • A DMARC (Domain-based Message Authentication, Reporting & Conformance) policy allows a sender to indicate that their messages are protected by DKIM and/or SPF, and tells a receiver what to do if neither of those authentication methods passes.
  • Authenticate every email with DKIM (Domain Keys Identified Mail), which creates a signature of the content of the message.
  • DKIM signatures allow Yahoo to associate email with the sender and verify that the content of the email has not been changed during transmission.
  • Publish valid SPF (Sender Policy Framework) records, which allow a sender to specify the list of IPs which are allowed to send mail for that domain.
  • SPF records allow Yahoo to reject messages which originate from IPs not listed in the domain's SPF record.
  • Following these recommendations should provide senders with a consistent reputation for their domain, regardless of which IP mail is sent from.
  • For more information, see our FAQ, M3AAWG, DMARC.org, DKIM.org, and OpenSPF.org.
Segregate Email types by IP or DKIM domain
  • Don't send bulk/marketing email from the same IPs you use to send user mail, transactional mail, alerts, etc.
  • Each IP and DKIM domain has a reputation, which can impact the delivery of your email.
  • Sending unsolicited commercial email can negatively affect your reputation.
  • By segregating your email according to function, you help ensure that your mail receives the best delivery possible.
Use OPT-IN method to confirm user subscriptions
  • When users subscribe to your mailing list, send them an email asking them to click to confirm their opt-in. This will improve the experience for users (who won't sign up accidentally or get signed up maliciously) and for your list (which won't contain uninterested people, fake email addresses, or most robots).
  • Set recipient expectations clearly when users subscribe. Let them know what mail to expect, how often it will be sent, and what it will look like.
Allow users to easily unsubscribe
  • Support One-Click Unsubscribe, a method for signaling a one-click function for the List-Unsubscribe email header field. Refer to RFC 8058 for details. This is now a requirement for some senders (see above).
  • Provide an obvious and visible unsubscribe process that doesn't require users to log in.
  • Requests should be processed within 2 days.
Remove invalid recipients
  • Sending email to users who are not reading them, or who report them as spam, will harm your delivery metrics and reputation.
  • Monitor hard and soft bounces as well as inactive recipients.
  • Reduce the number of invalid recipients by using double/confirm opt-in.
  • Remove invalid recipients from your list promptly.
  • Consider sending a reconfirmation email to inactive subscribers periodically.
Enroll in the Complaint Feedback Loop (CFL)
  • Once you sign your emails with DKIM, our CFL program can help you track and manage your spam complaint rates.
  • When users click “report spam,” you can get a copy of the spam complaint.
  • An active CFL is needed for all DKIM domains to make sure you're processing complaints quickly.
  • Use the CFL to maintain a clean mailing list.
  • Use the CFL to monitor your complaint rate, and ensure you are remaining below 0.3% if you are a bulk sender.
Publish reverse DNS (PTR) records
  • Publish valid, meaningful, non-generic reverse DNS (PTR) records for all of your sending IPs.
  • Reverse DNS should reflect your domain name in some way.
  • Do not use a reverse DNS that looks like a dynamically-assigned IP instead of a static mail server.
Ensure mail servers are secure
  • Maintain mail server security with the latest security patches to prevent unauthorized or anonymous use.
  • Filter user-generated content before sending it, to prevent spammers from using your resources.
  • Be aware that if your servers act as “open proxies” or “open relays,” spammers may attempt to send their own mail from your systems.
  • Add routes for all the IP space that you own to reduce vulnerability to BGP hijacking, which allows hackers to send mail that pretends to come from your IP space.
Control the flow of your outbound emails
  • Limit the messages sent per connection - Yahoo accepts a limited number of messages per SMTP connection. If this per-connection limit is reached, no further messages will be accepted for delivery as our server automatically terminates the connection, without giving an error message.
  • Reestablish connections if you do not get an error code - When our server terminates your connection, you may try to reconnect to our MX servers immediately thereafter.
  • Open concurrent connections - You may open concurrent connections from the same server to facilitate efficient transmission of your messages. However, while we do not publish specific guidelines for the numbers of connections you can concurrently use, we ask that you treat our resources with respect. The more you take, the fewer there are for others, which may force us to de-prioritize connections from your server(s).
Be compliant with RFCs and CAN-SPAM
  • Regardless of where in the world you're sending your mail, make sure you adhere to the requirements stipulated by the CAN-SPAM Act.
  • The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
  • Don't use false or misleading header information or deceptive subject lines to hide, forge or misrepresent the sender or origin of the email.
  • All email must be compliant with RFC 5321 and RFC 5322.