A couple of years ago, I wrote a blog post called 'One Click Unsubscribe: Don't do it!' and ever since then, I think people have misunderstood it. Especially in this new age where Yahoo and Google now require one click unsubscribe support from marketing senders and the platforms supporting them.
Then I posted a followup entitled 'I love RFC 8058 and you should, too!' where I attempted to clarify that I think one-click unsubscribe (as described in RFC 8058) is a good thing and that people SHOULD indeed follow the recommendations there. But did that clear up the confusion? I don't think so, because I keep getting feedback in response to both posts where people question my guidance or don't understand it.
Thus, it's that time again. Time to clarify the expectations around one-click unsubscribe, in this new age, taking into account the new Yahoo and Google 2024 sender requirements.
Yahoo and Google have both said that the goal here is to make it easier for end users to unsubscribe. That's goal number one.
But there's a second requirement that the email marketing platforms need to be thinking of. And that is: minimizing false positive unsubscribes caused by bot or security device clicks.
And confusion around these two requirements – or the potential for conflict between these two requirements – is what drove the confused feedback to my two prior posts. Truth be told, you can meet both of these requirements all at once. It's not that hard. Here's all you need to keep in mind:
For the unsub link in the email message body, lead to a landing page where you ask a person to confirm the unsub by clicking. Bots/security devices shouldn't click the second link or follow other links. Yes, this is totally compatible with the one-click unsub Yahoo/Google requirements. They're talking about the special 'list unsub' headers. They're not saying that the links in the email message body have to be 'one click,' just that the unsub process needs to be easy and simple.
For the unsub link in the email headers – this is the 'list unsubscribe' functionality that needs to be implemented in a very specific way (as covered in RFC 8058):
If called via GET? Show landing page, invite user to set preferences or unsub.
If called via POST? Silently unsub the user. One click and done.
And don't forget, I put together a free on-demand webinar on the topic of list-unsubscribe and how platforms need to implement that support.
The whole point here (POST versus GET) is that the POST functionality doesn't get triggered by accident. The receiving mailbox provider has to trigger it, in a very specific way, to properly denote the unsubscribe request. That's why it's "safe" (from the perspective of bot/security service clicks) to immediately unsubscribe the user, while the GET version is not similarly safe -- it can be triggered "accidentally" by bots or security scans.
To recap, Yahoo and Google are indeed saying that you must comply with RFC 8058. Meaning that your emails must contain the proper headers to enable 'one click' unsubscribe when requested by subscribers by clicking the appropriate 'unsubscribe' button appearing in the Yahoo or Gmail user interface (not the link in the message body). If you're a marketing sender using an email service provider (ESP) or customer relationship management (CRM) tool to send your marketing messages; it's up to your provider to implement this functionality. It's not something that you should have to manually configure yourself.
There is one caveat, in that your mail must properly authenticate with a DKIM signature, and that DKIM signature configuration must properly cover the list-unsubscribe headers. This, again, is mostly email sending service provider stuff, not stuff that users of the email service provider generally have to worry about – except for ensuring that DKIM is properly configured and working. No DKIM means no compliance, and come June 2024, this probably means, no email delivered to the inbox.
A few providers have been slow to enable compliance for all of this. One assumes folks are working on this, but make sure you test for yourself and don't just assume that the email sending platform you use will comply. The Aboutmy.Email tool from Steve Atkins of Word to the Wise is a great way to test and make sure that your email messages comply.
And if you have more questions about the new Yahoo/Google 2024 Sender Requirements and how to comply, click here for my guide, and be sure to visit the whole 'Yahoo/Google 2024' section here on Spam Resource.
A couple of years ago, I wrote a blog post called 'One Click Unsubscribe: Don't do it!' and ever since then, I think people have misunderstood it. Especially in this new age where Yahoo and Google now require one click unsubscribe support from marketing senders and the platforms supporting them.
Then I posted a followup entitled 'I love RFC 8058 and you should, too!' where I attempted to clarify that I think one-click unsubscribe (as described in RFC 8058) is a good thing and that people SHOULD indeed follow the recommendations there. But did that clear up the confusion? I don't think so, because I keep getting feedback in response to both posts where people question my guidance or don't understand it.
Thus, it's that time again. Time to clarify the expectations around one-click unsubscribe, in this new age, taking into account the new Yahoo and Google 2024 sender requirements.
Yahoo and Google have both said that the goal here is to make it easier for end users to unsubscribe. That's goal number one.
But there's a second requirement that the email marketing platforms need to be thinking of. And that is: minimizing false positive unsubscribes caused by bot or security device clicks.
And confusion around these two requirements – or the potential for conflict between these two requirements – is what drove the confused feedback to my two prior posts. Truth be told, you can meet both of these requirements all at once. It's not that hard. Here's all you need to keep in mind:
And don't forget, I put together a free on-demand webinar on the topic of list-unsubscribe and how platforms need to implement that support.
The whole point here (POST versus GET) is that the POST functionality doesn't get triggered by accident. The receiving mailbox provider has to trigger it, in a very specific way, to properly denote the unsubscribe request. That's why it's "safe" (from the perspective of bot/security service clicks) to immediately unsubscribe the user, while the GET version is not similarly safe -- it can be triggered "accidentally" by bots or security scans.
To recap, Yahoo and Google are indeed saying that you must comply with RFC 8058. Meaning that your emails must contain the proper headers to enable 'one click' unsubscribe when requested by subscribers by clicking the appropriate 'unsubscribe' button appearing in the Yahoo or Gmail user interface (not the link in the message body). If you're a marketing sender using an email service provider (ESP) or customer relationship management (CRM) tool to send your marketing messages; it's up to your provider to implement this functionality. It's not something that you should have to manually configure yourself.
There is one caveat, in that your mail must properly authenticate with a DKIM signature, and that DKIM signature configuration must properly cover the list-unsubscribe headers. This, again, is mostly email sending service provider stuff, not stuff that users of the email service provider generally have to worry about – except for ensuring that DKIM is properly configured and working. No DKIM means no compliance, and come June 2024, this probably means, no email delivered to the inbox.
A few providers have been slow to enable compliance for all of this. One assumes folks are working on this, but make sure you test for yourself and don't just assume that the email sending platform you use will comply. The Aboutmy.Email tool from Steve Atkins of Word to the Wise is a great way to test and make sure that your email messages comply.
And if you have more questions about the new Yahoo/Google 2024 Sender Requirements and how to comply, click here for my guide, and be sure to visit the whole 'Yahoo/Google 2024' section here on Spam Resource.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.