How to provide effective unsubscribe methods

If you send mailing list emails, providing a reliable and accessible unsubscribe method is both a legal requirement and good practice. This article explains the methods available, how Leave Me Alone uses them, and what we recommend.

Why this matters

Under the EU/UK GDPR, the California Consumer Privacy Act (CCPA), and CAN-SPAM, recipients have the right to opt out of marketing emails at any time.

Leave Me Alone's Unsubscriber attempts several methods to unsubscribe a recipient on their behalf. The more effective your unsubscribe implementation, the less likely you are to receive a formal removal request email from us.

Recommended methods

1. List-Unsubscribe-Post header (recommended)

This is the gold standard. Adding both a List-Unsubscribe and List-Unsubscribe-Post header to your outgoing emails enables one-click unsubscription per RFC 8058.

List-Unsubscribe: https://yourdomain.com/unsubscribe?id=abc123
List-Unsubscribe-Post: List-Unsubscribe=One-Click

When present, Leave Me Alone will send a POST request directly to your endpoint — no browser interaction required. This is also required by Gmail and Yahoo for bulk senders (5,000+ emails/day) as of 2024.

Your endpoint should:

Accept a POST request with the body List-Unsubscribe=One-Click
Immediately remove or suppress the recipient
Return a 200 OK response

2. List-Unsubscribe header with URL

If you cannot implement one-click unsubscription, a List-Unsubscribe header containing an HTTPS URL is the next best option (per RFC 2369).

List-Unsubscribe: https://yourdomain.com/unsubscribe?id=abc123

Leave Me Alone will open this URL and attempt to follow any unsubscribe steps on the page. For best results, the page should:

Require no login or account creation
Complete the unsubscription with one click or fewer
Confirm the unsubscription clearly on completion

Multi-step flows, CAPTCHAs, or pages that require authentication will cause this method to fail.

3. Unsubscribe link in the email body

If no List-Unsubscribe header is present, Leave Me Alone will look for an unsubscribe link in the body of the email. The same guidance as above applies — the destination page should be simple, require no login, and complete the process in as few steps as possible.

Even if you provide a body link, we strongly recommend also adding a List-Unsubscribe header. Headers are more reliable than body link detection and are used by email clients to surface the unsubscribe option natively.

4. List-Unsubscribe header with mailto

A mailto: address in your List-Unsubscribe header is supported but is the least reliable method:

List-Unsubscribe: mailto:unsubscribe@yourdomain.com?subject=unsubscribe

Leave Me Alone will send an email to this address on the customer's behalf. You must monitor this address and action requests promptly. Under GDPR, you are required to act within 30 days of receipt.

What to avoid

Login walls: you should never require a recipient to log in to unsubscribe
Re-confirmation emails: asking the recipient to confirm via a follow-up email adds friction and may not be actionable by automated tools
Preference centres without a global opt-out: recipients must be able to unsubscribe from all emails, not just specific categories
Broken or expired unsubscribe links: these are a common cause of formal removal requests from us

Testing your implementation

Before sending, verify that:

Your List-Unsubscribe-Post endpoint responds correctly to a POST with body List-Unsubscribe=One-Click
Your unsubscribe page works without cookies, sessions, or authentication
The unsubscription takes effect immediately, or within a reasonable processing window

Need help?

If you're unsure how to implement any of the above, or you're receiving removal request emails from us and aren't sure why, reach out to our support team, our tech team is happy to help.