One-click unsubscribe: Don't do it

I've talked about unsubscribe practices in more detail before, but I think it's important enough to call this one out on its own.

If your email send platform, CRM, or newsletter tool, includes a "one click unsub" link, you're going to end up with false positive unsubscribes, and at some point, it's going to drive you bonkers. I've had to deal with stuff like a client's angry CEO wondering why they're not getting copies of their own newsletter, only to find that their Barracuda or Microsoft email security service is causing the unsubscribe action, by clicking (following) the unsub link, when checking all the links in every email received, to look for bad stuff. Or if you're trying to do seedlist-based inbox placement testing and your testing vendor/partner has link checking functionality -- when this happens you can end up with false positive indications of spam blocking because of accidentally unsubscribed seed list test addresses. And of course, real subscribers can end up unsubscribed. You know how hard it is to build an email list. Do you really want to employ methodologies that can lead to oopsies that result in subscribers "falling off of" that email list? I don't.

Wherever you've got a one click unsubscribe, it should become a two click unsubscribe. 

Requiring "proof of humanity" via an extra click to confirm expression of a preference shouldn't violate any spam laws (though keep in mind that I'm not a lawyer and you should always ask a lawyer to advise if you have concerns here). Bots aren't going to then click through the links on the landing page (today, anyway), so there's no need for a CAPTCHA puzzle. And also, whatever you do, don't do "double opt-out" -- a uniquely silly process where you send an email to a person and make them confirm the opt-out by clicking. Not only do I doubt the legality of this for marketing email, I know it makes a lot of people angry and it's just going to cause people to report the "unsub confirmation" email as spam and this will eventually cause damage to your sender reputation. If you do want to notify a subscriber, I think it's probably fine to send them a "goodbye" email -- in some unsub scenarios a goofball could unsubscribe somebody OTHER than themselves, and a goodbye email would warn the affected subscriber of what's going on. But that's such a rarity that I'm not even sure that it's necessary. It is, at least, much less annoying than a "double opt-out" email.

If you're not able to bend your email send platform to convert an existing unsub process from one-click to two-click, see if you have any other options. I know that some email sending platforms can have an "update my profile" link, in addition to or instead of a one-click unsub link. If that profile link leads to a page that has an unsub button on it, that might be a good alternative to the one-click unsub link. But be sure to check with your sending platform and/or your friendly spam law specialist to make sure that you're confident that this is legally compliant wherever you are.

Edited to add: DO implement RFC 8058, one-click unsub handled in a very specific way that is generally less susceptible to bot clicks and integrates well into webmail interfaces and email applications, though. That's NOT the type of one-click I'm talking about above. I've talked more about my support for and recommendation of RFC 8058 earlier this year.



  1. I remember being on a call and Microsoft explicitly saying your unsub variables should never be part of the url path, that you should parameterize them instead. I believe this was to avoid false clicks.

  2. well Google and Yahoo are forcing it starting February 2024 so what now?

    1. Read more. Gmail/Yahoo are requiring RFC 8058 "one click unsub post" functionality. That is far different than a one-click-and-done (fallible to bot clicks) unsub link in the body of the email.

  3. The obviouse solution is to check for the URL encoded form value that will be sent with the request. Thats why its there. If thats no there then obviously its not coming from a service thats intending to unsubscribe.


Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.