Compliance

List-Unsubscribe Header

Definition

The List-Unsubscribe header is an email header, defined in RFC 2369, that tells the mail client how to unsubscribe a recipient, so the client can show its own “Unsubscribe” link near the sender name. It carries a mailto: address, an HTTPS URL, or both. Paired with a second header it powers one-click unsubscribe, which Gmail and Yahoo require from bulk senders.

A header that lets the mail client render a native unsubscribe link
Holds a mailto: address, an HTTPS URL, or both, in angle brackets
Originally defined in RFC 2369 back in 1998
Required by Gmail and Yahoo for bulk senders since February 2024

At a glance

Header type Email header field

Defined in RFC 2369 (1998)

Values mailto: and/or HTTPS URL

One-click via List-Unsubscribe-Post (RFC 8058)

Required by Gmail & Yahoo bulk senders (Feb 2024)

Placed in The message headers, not the body

What the header does

Most unsubscribe links live in the body of an email, at the very bottom, where a recipient has to scroll and hunt. The List-Unsubscribe header moves that option into the mail client itself. When Gmail, Apple Mail, Outlook, or Yahoo sees the header, it can render its own “Unsubscribe” control right next to the sender’s name at the top of the message, before the recipient ever opens it.

The header sits in the message’s technical headers, not the visible body, and lists one or more methods the client can use, each wrapped in angle brackets and separated by commas. The two methods are a mailto: address (the client sends an unsubscribe email) and an HTTPS URL (the client opens or posts to a web endpoint). It is a convenience and trust signal: an easy, native unsubscribe means fewer people resort to the “report spam” button instead.

Anatomy of the headers

For modern one-click behaviour you publish two headers together: List-Unsubscribe with the methods, and List-Unsubscribe-Post to signal that the URL accepts a one-click POST. Per RFC 8058 the URL must be HTTPS, and a mailto: may be listed as a fallback.

List-Unsubscribe with an HTTPS URL and a mailto fallback, plus the one-click signal

List-Unsubscribe: <https://example.com/unsub?id=8a3f&t=9c1e>,
  <mailto:unsubscribe@example.com?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Why it is now mandatory

Since February 2024, Google and Yahoo have required every bulk sender (anyone sending 5,000 or more messages a day to their users) to include a working List-Unsubscribe header in commercial and promotional mail, and to support one-click unsubscribe with the List-Unsubscribe-Post header per RFC 8058. They also expect senders to process those requests within two days. Enforcement of the one-click requirement ramped through to June 1, 2024.

The header has to be reachable through authentication too: for one-click to be honored, the message must carry a valid DKIM signature that covers the List-Unsubscribe headers, so they cannot be forged or stripped. A correct, signed header is now part of the baseline for reaching the Gmail and Yahoo inbox at scale, not an optional nicety.

How the List-Unsubscribe header reaches the recipient

Your sending platform adds the List-Unsubscribe headers

DKIM signs the message, covering those headers

Unsigned: one-click ignored

The mail client reads the header and shows a native Unsubscribe link

The recipient clicks it

POST to HTTPS URL Or a mailto fallback

Your server suppresses the address within two days

Header unsubscribe vs in-body link

	List-Unsubscribe header	In-body link
Where it shows	Top of message, by the sender name	Bottom of the email body
Effort to find	One click, no scrolling	Scroll and hunt
Required by Gmail/Yahoo?	Yes, for bulk senders	Allowed, but not enough alone
Reduces spam complaints?	Strongly	Less so
Needs DKIM coverage?	Yes, for one-click	No

By the numbers

1998

The year RFC 2369 first defined the List-Unsubscribe header field.

5,000+/day

The bulk-sender threshold at which Gmail and Yahoo require the header, since February 2024.

2 days

The window in which Gmail and Yahoo expect an unsubscribe request to be honored.

Common mistakes

Adding the header without DKIM coverage

For one-click to be honored, a valid DKIM signature must cover the List-Unsubscribe headers. An unsigned or unaligned header is ignored, and the bulk-sender requirement is not met.

Only providing a mailto:

A mailto alone does not satisfy the Gmail and Yahoo one-click requirement, which expects an HTTPS URL plus the List-Unsubscribe-Post header. Provide the URL method; keep mailto only as a fallback.

Forgetting the angle brackets

Each URI in the header must be wrapped in angle brackets and multiple URIs comma-separated, per RFC 2369. A malformed value can cause clients to ignore the header entirely.

Not actually processing the request

A header that renders a link but never suppresses the address is worse than none. Make sure the endpoint records the opt-out and stops future sends within two days.

Frequently asked questions

What is the List-Unsubscribe header?

It is an email header, defined in RFC 2369, that tells the receiving mail client how a recipient can unsubscribe. When a client like Gmail or Apple Mail sees it, it can show a native “Unsubscribe” link next to the sender’s name. The header can contain a mailto: address, an HTTPS URL, or both, each in angle brackets.

Is the List-Unsubscribe header required?

For bulk senders, yes. Since February 2024 Gmail and Yahoo require any domain sending 5,000 or more messages a day to their users to include a List-Unsubscribe header in commercial mail and to support one-click unsubscribe through the List-Unsubscribe-Post header. Smaller senders are not mandated but benefit from including it, because the easy unsubscribe reduces spam complaints.

What is the difference between List-Unsubscribe and List-Unsubscribe-Post?

List-Unsubscribe (RFC 2369) lists the methods a client can use to unsubscribe, a URL or a mailto. List-Unsubscribe-Post (RFC 8058) is a second header that signals the URL supports true one-click: when present, the client sends a single POST request to the URL with no extra confirmation step. You need both for compliant one-click unsubscribe.

Does the List-Unsubscribe header need DKIM?

For one-click unsubscribe to be honored, yes. RFC 8058 requires the message to carry a valid DKIM signature that covers at least the List-Unsubscribe and List-Unsubscribe-Post headers, so a receiver can trust the headers were not forged or altered. Without that signed coverage, clients will not act on the one-click POST.

Sources & further reading

RFC 2369 · URLs as meta-syntax for core mail list commands (List-Unsubscribe) RFC 8058 · Signaling one-click functionality for List email headers Google Email Sender Guidelines · List-Unsubscribe and one-click requirements

Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← Back to glossary