But blocking those IP's would deny your users to get out to yahoo.com? What about getting some type of a web filter or IDS/IPS?

Sure, but what does Yahoo offer that you can't get at say, Google, MSN, or CNN?

But if you don't block Yahoo's entire range, users will still be able to use Yahoo's web mail and web messenger since they travel over port 80.

Tossing an opinion into the mix, it's more administrative overhead than it's worth considering Yahoo is no longer a top search engine, and any news/services it offers can be found elsewhere. Not to mention, getting a web filter and/or IDS/IPS to do the job (or even content switching) would incur a cost that can be easily avoided by an ACL blocking the IP range.

Problem is, if you have to block chat services, and you take this approach, then you have to block MSN chat, google chat, AOL chat...and if you're blocking the whole range, before you know it half the internet is blocked...

Just create an ACL to block everything 0.0.0.0 LOL. Then no problem at all.. :-) Unless he really don't like yahoo at all and he is only allowing google chat, msn chat.

Not really, as Gmail uses a specific server to log in (mail.google.com), MSN chat has no web interface as far as I know, and AOL chat uses login.messaging.aol.com (and their web version uses aimexpress.aol.com, so that can be pinpointed as well.

Of course, I suppose the idea of Yahoo chat not being sanctioned as an acceptable chat client by a company completely escaped your thought process, no?