How should unsubscribes be handled (one-click, instant)?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Imagine someone hits the unsubscribe link in your email and gets taken to a page asking them to log in, confirm their choice twice, and wait 10 days to be removed. That's not just a bad experience. It's also a compliance failure, and it's the kind of thing that turns an annoyed subscriber into a spam complaint.
Here's what good unsubscribe handling actually looks like.
One click means one click. No login. No survey. No "are you sure?" page. The person clicks, they're off your list. That's it. If you want to offer a preference center so they can reduce frequency instead of fully unsubscribing, that's fine as an option, but the path to a clean opt-out must always be there and always be immediate.
Suppress immediately. Processing within 10 business days was once acceptable under CAN-SPAM. Today, the expectation has shifted. Gmail and Yahoo Mail have both required one-click unsubscribe support since February 2024 for bulk senders. They expect suppression within two days. Best practice is to suppress immediately, or as close to real-time as your system allows.
What are List-Unsubscribe headers? These are technical headers added to your outbound emails that tell the receiving mail client where to send an unsubscribe request. Gmail and Yahoo Mail use them to display a visible "Unsubscribe" link at the top of the email, right next to the sender name. When a recipient clicks that link, the mailbox provider sends a silent request to your endpoint and removes the subscriber without them ever visiting your site. This is what "one-click unsubscribe" means at the technical level. It uses the List-Unsubscribe-Post header alongside List-Unsubscribe to make it work automatically.
Most major ESPs handle this for you automatically. A quick breakdown:
- Mailchimp adds List-Unsubscribe headers by default on all campaigns.
- Klaviyo includes them automatically and processes suppressions in real time.
- Brevo adds them by default. Check your sending domain settings to confirm.
- Postmark adds them to broadcast emails automatically. Transactional streams handle this differently.
- Custom infrastructure or API senders need to add these headers manually to every message. If you're sending via Amazon SES or Mailgun, you're responsible for adding the headers in your sending code and setting up a suppression endpoint.
To check whether your emails are actually including these headers, send yourself a test message and look at the raw email headers. You should see a List-Unsubscribe line pointing to a mailto or HTTPS endpoint, and a List-Unsubscribe-Post: List-Unsubscribe=One-Click line. Our free Email Header Analyzer can pull this out for you in seconds.
Honor opt-outs permanently. Once someone unsubscribes, they stay unsubscribed unless they choose to come back on their own. Don't treat unsubscribes as temporary. Don't re-add them after a list import. Don't assume that because a year passed, the opt-out "expired." It didn't. A re-engaged subscriber is one who found their way back to your sign-up form. Everyone else stays suppressed.
So one last thing worth knowing. Under explicit consent rules in GDPR and similar frameworks, making unsubscribe difficult isn't just a deliverability problem. It can be a legal one. The easier you make it to leave, the more trust you build with the people who stay.
If you're not sure whether your emails are set up correctly, check your headers with our Email Header Analyzer. And if you're building custom infrastructure and need to wire this up from scratch, we're happy to walk through it. Just reach out via the SOS hotline.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.