What's the difference between mailto: and http: List-Unsubscribe?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You've probably noticed that the List-Unsubscribe header can carry two different types of values. One starts with mailto: and one starts with https:. They both let mailbox providers show a one-click unsubscribe button, but they work in very different ways.

mailto: works like this. When triggered, the recipient's email client composes and sends a blank email to your unsubscribe address. Your system then processes that incoming email and removes the address. It's client-side, it doesn't require a browser, and it's been around for a long time. The catch is that some email clients prompt the user before sending, which adds friction. And it doesn't satisfy the modern one-click standard on its own.

A mailto: header looks like this:

List-Unsubscribe: <mailto:unsub@yourdomain.com?subject=unsub-abc123>

https: works differently. When triggered, the mailbox provider sends a silent POST request directly to your URL in the background. No browser opens. No confirmation page. The subscriber is just removed. This is what's known as one-click unsubscribe, and it requires the companion header List-Unsubscribe-Post: List-Unsubscribe=One-Click to work correctly.

That header combo looks like this:

List-Unsubscribe: <https://yourdomain.com/unsubscribe?token=abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Which one should you use? Both, ideally. You can include both values in a single header and clients will pick their preferred method:

List-Unsubscribe: <https://yourdomain.com/unsubscribe?token=abc123>, <mailto:unsub@yourdomain.com?subject=unsub-abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Gmail strongly prefers HTTPS with the Post header. Since Google and Yahoo Mail made one-click unsubscribe a requirement for bulk senders in 2024, mailto: alone no longer cuts it. If you're sending to more than 5,000 recipients a day, you need the HTTPS version.

And most modern ESPs handle all of this for you automatically. But if you're rolling your own sending infrastructure, or auditing what your platform is actually sending, it's worth checking your raw headers to confirm both values are present and that the Post header is there too. (You can check your headers with our free Email Header Analyzer if you're not sure what yours look like.)

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Check my List-Unsubscribe setup

I send bulk email and want to make sure my List-Unsubscribe header is set up correctly for my ESP or sending setup. Can you review what I have and tell me whether I'm using mailto: or https:, whether I have the One-Click Post header, and whether this satisfies Gmail and Yahoo's 2024 requirements? Here's my current header: paste header

Edit the yellow boxes, then send to the AI of your choice.