Email Throttling & Rate Control
Email throttling is when a mailbox provider deliberately slows or temporarily refuses your mail — signalled by 4xx codes, most often 421 — because you are sending faster than your reputation supports. It is a warning sign in a progression that runs throttling, spam folder, block, blocklist. The key is that it is bilateral: it happens to you, and it should also be done by you, through proactive self-throttling — pacing send rate and connections per provider, backing off on deferrals with jitter, and never retrying at the same volume. MCSNET manages this per ISP on your own IPs from Toronto, so throttling stays predictable and recoverable rather than escalating to a block.
Key takeaways
- Throttling is a 4xx warning (usually 421), not a permanent failure — but the progression runs throttling, spam, block, blocklist, so it has to be handled early.
- It is bilateral — done to you by receivers, and best done by you through proactive self-throttling that keeps control and protects transactional mail.
- There are three limits — message rate, connection concurrency, and messages per connection — and connection limits are separate from rate, often tripped first.
- The cardinal mistake is retrying at the same volume — it amplifies the throttle and escalates a 4xx deferral into a 5xx block.
- A rate limit is feedback: diagnose whether it is volume, list quality or reputation, then cut rate, back off with jitter, and recover — run per ISP on your own IPs under PIPEDA.
Throttling is the email equivalent of a yellow light, and most senders run it. A mailbox provider returns a 421, the sending platform retries the same volume, the provider pushes back harder, and a temporary slowdown becomes a block. Throttling is not a failure in itself — it is a signal, a request to slow down before something worse happens — and the senders who handle it well treat it as feedback to act on rather than an obstacle to power through. This page is the mechanics: what throttling actually is, the three kinds of limit behind it, how to read the codes, and the backoff-and-recovery discipline that keeps a deferral from escalating into a blocklisting.
What is email throttling?
Email throttling is a mailbox provider deliberately slowing or temporarily refusing your mail because you are sending faster than your reputation supports. It announces itself through SMTP 4xx response codes — most commonly a 421 — which mean “not now, try again later,” as distinct from 5xx codes, which are permanent rejections requiring you to fix a cause before retrying. The crucial thing to understand is that throttling is a warning sign, not an endpoint. It sits at the start of a progression that, left unaddressed, runs from throttling to spam-folder placement to outright blocks to blocklisting, with each stage harder to recover from than the last. A provider throttling you is, in effect, giving you a chance to correct course before it stops trusting you altogether. Treating that 421 as useful feedback rather than an error to retry past is the difference between a brief slowdown and a reputation crisis.
Throttling is bilateral: done to you, and by you
The reframe that changes how you handle throttling is recognizing that it works in both directions. It is done to you — by receiving servers enforcing their limits, and by your own ESP, which throttles your outbound mail to protect the shared infrastructure other senders depend on. But it should also be done by you, deliberately: proactive self-throttling, where your sending system paces itself to stay within each provider’s tolerance rather than waiting to be slowed. Self-throttling is the better position to be in, because it keeps you in control — you decide the pace, you keep transactional mail flowing, and you avoid the reputation hit that comes from repeatedly tripping a provider’s limits. A sender who only ever reacts to deferrals is perpetually a step behind, recovering from throttling events; a sender who throttles themselves proactively rarely triggers them in the first place. The goal, as deliverability operators put it, is not to eliminate throttling but to make it predictable and recoverable — and proactive self-throttling is how you get there.
Throttled versus deferred: the distinction
These two words get used interchangeably, and keeping them straight helps you fix the right thing. Throttled, strictly, means your own sending system stopped or paced the mail before it attempted delivery — your platform’s rate limits or your deliberate self-throttling. Deferred means the receiving server accepted the connection and then temporarily refused the message, handing back a 4xx code. The failure points are different and so are the fixes: a deferral from Gmail is Gmail telling you to slow down to it specifically, while a sending-side throttle is your own platform or plan being the constraint. Both are temporary, both involve 4xx-class situations, and both are recoverable — but diagnosing which one you are facing tells you whether to adjust your own configuration or to back off to a particular provider. Conflating them leads to fixing the wrong side of the conversation.
The three kinds of limit
“Sending too fast” actually covers three distinct limits, and they are tripped independently. The first is the message rate — how many messages per second, minute, hour or day you send, with both burst limits and sustained caps. The second is connection concurrency — how many simultaneous SMTP connections you open to a single receiving domain — and this is the one most senders overlook, because it is entirely separate from message rate. You can be well within a provider’s volume limit and still get deferred for opening too many connections at once. The third is messages per connection — how many messages you push down a single session before it is closed and reopened. Each provider weights these differently: Microsoft, for instance, watches concurrent connections more closely than raw volume, so a sender running many inboxes that all send at once hits connection limits before they hit rate limits. Tuning all three per provider, not just the message rate, is what proper rate control means.
| Limit type | What it caps | Typical safe setting |
|---|---|---|
| Message rate | Messages per minute/hour/day | 200–300/min new domain, scaling up |
| Connection concurrency | Simultaneous SMTP sessions per domain | 3–5 per receiving domain |
| Messages per connection | Messages before reopening session | Tuned per provider |
Why are the limits invisible?
Because the limits that matter most are not published, and are not even fixed. Gmail, Microsoft and Yahoo do not provide a table of rate limits you can configure against; instead they apply dynamic throttling that adjusts continuously based on your reputation score, so the threshold that was fine last week can defer you this week if your reputation has slipped. These receiving-server limits are inferred, not looked up — you learn them from the 4xx deferral codes the provider returns when you cross them, which is why monitoring your deferral rate per provider is the only real way to know where you stand. A deferral rate under two percent is healthy; above five percent means you are consistently hitting limits and need to slow down. The practical implication is that rate control cannot be a static configuration file of published numbers. It has to be adaptive — reading each provider’s responses and adjusting to its current, reputation-dependent tolerance — because the limits themselves move.
Reading the 421 codes
A 421 is not one message but a whole vocabulary, and learning to read it tells you exactly what to fix. The enhanced status code that follows the 421 specifies the cause, and they fall into two broad groups. Some are genuine rate signals — a plain 421 4.7.0 meaning slow down, or Gmail’s 421 4.7.28 flagging an unusual rate of mail — where the fix is to reduce rate and back off. But many 421 codes are not about rate at all; they are authentication failures wearing a rate-limit dress: 4.7.26 means the message is unauthenticated, 4.7.27 and 4.7.30 mean SPF or DKIM did not pass, 4.7.40 means there is no DMARC record, and 4.7.23 means your reverse DNS is missing or mismatched. Microsoft has its own family — RP-001 for IP rate limits, RP-003 specifically for connection-limit violations. Reading the specific code rather than treating every 421 as “slow down” is what tells you whether the problem is your pace or your authentication — and those need completely different fixes.
How should you respond to a 421?
With backoff and a reduced rate — and never with an immediate retry at the same volume, which is the cardinal error. When a provider returns a 421, it is asking you to slow down; retrying the same volume against it amplifies the throttle and escalates a temporary 4xx into a permanent 5xx block that is far harder to undo. The correct response is exponential backoff with jitter: retry after progressively longer intervals — fifteen, then thirty, then sixty minutes is a common pattern — while cutting the send rate to that specific provider, and letting the deferred mail drain before raising the rate again. The jitter, a small randomization of retry timing, stops all your deferred mail from retrying in a synchronized burst that looks like a fresh attack. Critically, the deferred mail should be handled in its own lane, per provider, so backing off from Gmail does not slow your delivery to everyone else. Backoff plus a reduced, per-provider rate is how a deferral resolves cleanly; retrying at full volume is how it becomes the block you were trying to avoid.
A rate limit is feedback, not noise
The most useful mindset shift is to treat a rate limit as information about what is wrong, not as an obstacle between you and your send. When deferrals rise, the question is not “how do I get past this” but “what is this telling me,” and the answer points at the fix. If the throttling was caused by a sudden volume jump, the answer is to send less and ramp more gradually. If it was caused by poor list quality, the answer is to remove the risky recipients generating the bounces and complaints. If it was caused by a reputation decline, the answer is to keep only the most expected and engaged mail flowing until deferrals fall, rehabilitating the reputation before resuming volume. In every case, the recovery reduces pressure and improves signal quality at the same time — and crucially, none of those fixes is “retry harder.” Reading the throttle as feedback turns it from a frustration into a diagnostic, and acting on the actual cause is what makes the recovery stick instead of recurring on the next send.
Connection limits: the underrated trap
It is worth isolating connection concurrency, because it catches senders who have their volume perfectly under control. The limit on simultaneous SMTP connections is independent of the message-rate limit, and it is frequently tripped first. Most receiving servers accept only five to twenty concurrent connections from a single IP, so a sender opening a hundred connections to Gmail to push volume faster gets an immediate 421 even though their total message count is entirely reasonable. The configuration that avoids this is conservative: roughly three to five concurrent connections per receiving domain, with backoff on deferrals. This trap hits hardest in setups running many inboxes or threads that all send simultaneously, which is common in cold-email tooling and in poorly tuned bulk systems, and it is why Microsoft’s connection-specific RP-003 deferral appears so often. Whenever throttling persists despite reasonable volume, concurrency is the first thing to check, because no amount of rate reduction fixes a connection-count problem.
How do you recover from severe throttling?
When a provider has throttled you down to a trickle, recovery is reputation rehabilitation, not a configuration tweak. The classic case is severe Yahoo or AOL throttling, where the provider accepts only a handful of messages an hour and recovery is slow and difficult. The playbook is specific: isolate that provider’s traffic into its own lane, send only to your most recently and genuinely engaged recipients there, lower your retry aggressiveness, and crucially do not move the same mail to fresh IPs to evade the throttle — that just burns more IPs and confirms you are behaving like a spammer. The aim is to show the provider a small stream of clearly wanted, well-engaged mail until its trust rebuilds and the deferrals ease. This takes time, often weeks, and there is no shortcut, because the throttle is a reputation judgment and reputation is rebuilt only by sustained good behaviour. The senders who recover are the ones who reduce to quality; the ones who try to push through or jump IPs usually deepen the hole.
How we manage throttling for you
With MCSNET, rate control is proactive and per-provider, run as ongoing operations rather than left to react. We configure self-throttling on PowerMTA or KumoMTA tuned to each provider — message rate, connection concurrency and messages per connection set to each ISP’s tolerance, not a single global rate — so we stay under their limits by design. When deferrals do occur, we respond correctly: reading the specific 421 code to tell a rate problem from an authentication one, applying exponential backoff with jitter in a per-provider lane, cutting the rate to the affected provider while delivery to others continues, and letting the queue drain before resuming. We watch the deferral rate per provider through monitoring so a rising trend is caught before it becomes a block, and when severe throttling hits we run the reputation-rehabilitation playbook rather than jumping IPs. All of it runs on IPs we own, where the per-ISP controls are ours to tune. Throttling becomes predictable and recoverable, which is the only realistic goal.
# mcsnet · rate control · brand.example (per provider) provider conn rate/min defer% last code state gmail 4 220 1.2% — nominal yahoo 3 120 3.8% 421 TS02 backoff 30m microsoft 3 180 0.9% — nominal other 5 300 0.4% — nominal policy backoff: 15→30→60m + jitter · per-provider lanes yahoo deferring → rate cut, queue draining, NOT IP-jumped
Why work with us?
Because we treat throttling as a discipline with known mechanics, not a mystery to retry past. Anyone can send until a provider says no; far fewer pace per provider proactively, tune connection concurrency as carefully as rate, read the 421 codes to fix the actual cause, and recover from a deferral by cutting back rather than pushing harder. We bring that mechanical precision, on IPs we own and tune from Toronto through PowerMTA and KumoMTA’s native per-ISP controls, with reputation and bounce work feeding the same loop, and your data resident in Canada under PIPEDA. The result is sending that rarely triggers throttling and handles it cleanly when it does — judged by what actually reaches the inbox, not by how fast mail leaves the server.
Who this is for, and who it is not
It is for senders hitting real throttling — high-volume programs collecting 421s, multi-inbox operations tripping connection limits, and anyone whose deferral rate has climbed past the point where retrying blindly is making it worse. It is for teams who need per-provider rate control tuned and operated rather than a single global rate guess. It is not for a small sender whose modest, well-authenticated volume rarely meets a limit — they need warm-up and list hygiene more than rate-control machinery, and we will say so. Throttling control pairs with the warm-up that earns the reputation limits are scaled against, the authentication whose absence triggers rate codes, and the monitoring that surfaces deferrals early. Done as proactive, per-provider, feedback-driven control on owned IPs, throttling stops being the thing that escalates into a block and becomes what it should be — a manageable, predictable part of sending at scale.