# What is one-click unsubscribe and is it required?

> One-click unsubscribe lets recipients opt out in a single click using RFC 8058 headers, and it's required for bulk senders to Gmail and Yahoo.

One-click unsubscribe is a standard, defined in RFC 8058, that lets a recipient opt out of a mailing list with a single click directly from their inbox — no landing page, no login, no preference centre. The mailbox provider reads two headers in your message and shows an "Unsubscribe" link next to the sender name; clicking it sends the opt-out straight to your server. For bulk senders to Gmail and Yahoo, it is not optional: since 2024 both providers require it for anyone sending more than 5,000 messages a day to their users.

## Quick Takeaways

- One-click unsubscribe removes a subscriber in a single action from the inbox, using the `List-Unsubscribe` and `List-Unsubscribe-Post` headers defined in RFC 8058.
- Gmail and Yahoo require it for bulk senders — those sending more than 5,000 messages per day to their users.
- The mailbox provider sends an HTTP POST to your unsubscribe URL; the process must not require a login or any extra step.
- Requests must be honored within two days, per Google's sender guidelines.
- It is separate from, but complements, the visible "unsubscribe" link inside your email body — you still need both.
- Missing or broken one-click unsubscribe can hurt [deliverability](/learning/what-is-email-deliverability) and trigger spam-folder placement or outright rejection.

## What is one-click unsubscribe?

One-click unsubscribe lets a recipient leave a mailing list without opening the email or visiting a website. The mailbox provider — Gmail, Yahoo, and others — surfaces an "Unsubscribe" control near the sender's name at the top of the message. When the recipient clicks it, the provider quietly tells your server to remove that address. The subscriber never sees a "are you sure?" page or a preference centre asking them to log in.

This is defined by [RFC 8058](https://www.rfc-editor.org/rfc/rfc8058), an internet standard published to make list removal genuinely one-step. Before it, the older `List-Unsubscribe` header often pointed to a web page that still asked the user to click through several screens — friction that pushed frustrated recipients to hit "report spam" instead, which is far more damaging to a sender's reputation.

## How does one-click unsubscribe work?

The mechanism relies on two email headers working together:

- **`List-Unsubscribe`** carries the unsubscribe target. For one-click it must include an HTTPS URL (a `mailto:` address may be listed too, but the URL is what enables the one-click flow):
  `List-Unsubscribe: <https://example.com/unsubscribe?id=abc123>`
- **`List-Unsubscribe-Post`** signals that the URL supports the automated one-click POST. Its value is fixed:
  `List-Unsubscribe-Post: List-Unsubscribe=One-Click`

When the recipient clicks the provider's unsubscribe link, the mailbox provider sends an HTTP `POST` request to your `List-Unsubscribe` URL with the body `List-Unsubscribe=One-Click`. Your server reads that request and removes the address — no human visits the link, so it must work without any interactive confirmation, cookie, or sign-in. Both headers must be present and the message should be authenticated with a domain that aligns to your [DMARC](/tools/dmarc) policy for providers to trust the request.

## Is one-click unsubscribe required?

For bulk senders, yes. As part of the sender requirements Google and Yahoo rolled out through 2024, anyone sending more than 5,000 messages per day to their users must support one-click unsubscribe for marketing and subscribed messages. [Per Google's sender guidelines](https://support.google.com/a/answer/81126), those senders must include the `List-Unsubscribe` and `List-Unsubscribe-Post` headers and honor opt-out requests within two days. Yahoo publishes matching requirements.

Two things are worth being precise about:

- **It applies to bulk senders, not every sender.** If you send low volumes, one-click unsubscribe is strongly recommended but not mandated by these rules. Because thresholds and enforcement tighten over time, though, building it in now is the safe choice — the same direction of travel behind [stricter sender requirements generally](/learning/google-is-making-email-sender-requirements-stricter-starting-nov-2025).
- **It does not replace the in-body link.** You still need a visible "unsubscribe" link inside the email itself. One-click unsubscribe is the header-driven mechanism the mailbox provider uses; the in-body link is what a reader clicks manually.

Ignoring the requirement has real consequences. Providers may filter your mail to spam or reject it outright — the kind of failure behind [Gmail 550 rejections](/learning/why-is-gmail-rejecting-emails-550-error-2026) and [Yahoo blocking unauthenticated mail](/learning/why-is-yahoo-blocking-my-emails-as-unauthenticated).

## How do you set up one-click unsubscribe?

Most reputable email service providers add the headers automatically once you enable list-unsubscribe, but the moving parts are worth understanding:

1. **Add both headers to every bulk message.** Include a valid HTTPS `List-Unsubscribe` URL and the fixed `List-Unsubscribe-Post: List-Unsubscribe=One-Click` value.
2. **Build an endpoint that accepts a POST.** The URL must process an HTTP POST containing `List-Unsubscribe=One-Click` and unsubscribe the recipient without any login or extra confirmation.
3. **Remove the address within two days** — faster is better. The address should stop receiving marketing mail promptly.
4. **Authenticate the message.** Make sure the mail passes [SPF](/tools/spf), [DKIM](/tools/dkim), and aligns with your [DMARC](/tools/dmarc) record, since providers weigh authentication when deciding whether to trust the unsubscribe request.
5. **Keep the in-body link too.** Belt and braces: the header mechanism plus a visible link in the footer.

If you manage sending for clients, treat one-click unsubscribe as part of the same hygiene checklist as authentication and [domain reputation](/learning/how-can-you-check-and-improve-your-email-domain-reputation).

## Common issues with one-click unsubscribe

### Gmail isn't showing the unsubscribe link

The link only appears when both headers are present and the message is authenticated. Confirm you're sending `List-Unsubscribe-Post: List-Unsubscribe=One-Click` alongside a valid HTTPS `List-Unsubscribe` URL, and that the message passes SPF, DKIM, and DMARC alignment. Gmail also tends to hide the control on low-volume or transactional mail, so test with the kind of bulk campaign the requirement targets.

### My unsubscribe URL requires a login or a confirmation page

That breaks the standard. The POST from the mailbox provider is automated — there is no human to click a "confirm" button or sign in. Strip every secondary step so the single POST completes the removal. A preference centre can exist, but it cannot be a required step in the one-click path.

### The header points to a mailto: address only

A `mailto:` entry supports the older email-based opt-out, but it does not enable HTTPS one-click. To satisfy Gmail and Yahoo you need an HTTPS URL in `List-Unsubscribe` paired with the `List-Unsubscribe-Post` header. You can list both a URL and a mailto:, but the URL must be there.

### Recipients still report spam despite the link

If opt-outs aren't processed quickly, people give up and report spam instead. Make sure removals happen within the two-day window and that unsubscribed addresses actually stop receiving mail across every list and sending platform you use.

## Frequently asked questions

**Is one-click unsubscribe the same as the List-Unsubscribe header?**
Not quite. The older `List-Unsubscribe` header has existed for years and could point to a web page or a mailto: address. One-click unsubscribe is the RFC 8058 upgrade that adds `List-Unsubscribe-Post` and requires the URL to complete removal in a single automated POST.

**Do I need it if I send fewer than 5,000 emails a day?**
The Gmail and Yahoo bulk-sender rules target senders above that threshold, so it isn't mandated for small senders. It is still good practice — it reduces spam complaints and improves the subscriber experience — and thresholds have only tightened over time.

**Does one-click unsubscribe affect deliverability?**
Yes, indirectly and strongly. Making it easy to leave a list cuts spam complaints, and low complaint rates are one of the signals mailbox providers use to decide inbox placement. Missing or broken unsubscribe handling pushes users to the "report spam" button, which hurts [deliverability](/learning/what-is-email-deliverability).

**Do transactional emails need it?**
The requirement centres on marketing and subscribed (bulk) messages, not one-to-one transactional mail like receipts or password resets. When in doubt, apply it to anything promotional.

Palisade won't manage your unsubscribe lists, but it does own the authentication half of these bulk-sender requirements: it monitors your SPF, DKIM, and [DMARC](/tools/dmarc) records and walks you to enforcement, so the mail carrying your unsubscribe headers is trusted in the first place. Check where your domain stands with a free scan from the [Email Security Score](/tools/email-security-score) tool.

## Related reading

- [Why is Gmail rejecting my emails with a 550 error?](/learning/why-is-gmail-rejecting-emails-550-error-2026)
- [Why is Yahoo blocking my emails as unauthenticated?](/learning/why-is-yahoo-blocking-my-emails-as-unauthenticated)
- [Why am I not receiving emails? How to troubleshoot](/learning/why-am-i-not-receiving-emails-how-to-troubleshoot)
