The rules quietly changed in February 2024. If your unsubscribe guide is older than that, it’s giving you 2014 advice for 2026 inboxes.
Here’s what happened. Gmail and Yahoo started enforcing new requirements for any sender pushing more than 5,000 messages a day to their inboxes. One of those requirements: a working one-click unsubscribe, implemented via two specific email headers, honored within two days. Get it wrong and the receiving server can start deferring or rejecting your mail. No takedown notice. Just a quiet drop in inbox placement, then a complaint rate creeping toward the 0.3% line where Gmail starts treating you like a spammer.
So the unsubscribe link isn’t a footer afterthought anymore. It’s part of your deliverability stack.
This piece walks through the modern stack in the order that matters: the platform floor (what Google and Yahoo now enforce), the legal floor (CAN-SPAM, CASL, GDPR), the UX layer (what good actually looks like), and the retention layer (how to save subscribers who were wavering, not the ones already gone).
Why the unsubscribe link decides your sender reputation
Here’s the part most guides skip. Every spam complaint is a thumb on the scale of your sender reputation. And every recipient who can’t find your unsubscribe link is one click away from logging a complaint instead.
Gmail publishes the math openly through Postmaster Tools. Their stated thresholds are tight: complaint rates above 0.3% are the line you don’t want to cross, with 0.1% as the practical target. Cross 0.3% and you’ll see deferrals, throttling, and eventually outright spam-folder placement for your entire domain, not just the campaign that caused it.
We see this in our own data at SMTP2GO.
The takeaway is uncomfortable for marketers used to thinking of unsubscribes as a loss metric: every easy unsubscribe is a complaint you didn’t get. You want them. You want them more than you want a slightly fatter list. A list of 80,000 engaged subscribers outperforms 100,000 padded with disengaged contacts who are about to torch your reputation.
For the upstream side of this (cleaning the list before it gets to the unsubscribe stage), see the bounce rate survival guide and email scrubbing: why a clean mailing list is key.
The new floor: one-click List-Unsubscribe
This is the change everyone needs to understand. As of February 2024, both Google and Yahoo started enforcing the requirement for senders sending over 5,000 messages per day to their inboxes, and one-click unsubscribe via the List-Unsubscribe header is part of that mandate.
Two headers do the work, both defined under RFC 8058:
List-Unsubscribe: <mailto:unsubscribe@yourdomain.com>, <https://yourdomain.com/unsub?token=abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
The first header gives mail clients a machine-readable unsubscribe endpoint. The second tells them it’s a true one-click action, no confirmation page, no preference center, no “are you sure.” When a Gmail user clicks the unsubscribe link Gmail renders next to the sender’s name, that’s what fires. The recipient never visits your site.
Two operational details people miss:
You must honor the request within two days. The RFC and the ISPs both say so. If your unsubscribe pipeline batches overnight, you’re already late.
The endpoint receives a POST with List-Unsubscribe=One-Click in the body. If your handler expects a query string or a GET, it fails silently and the unsubscribe doesn’t process. We’ve seen this on more than one migration audit.
Here’s what we did when we built this into the SMTP2GO platform.
Customers using our tracking automatically get both headers added to outbound mail and the recipient is added to the suppression list inside the platform, so the next send doesn’t go to them.
No engineering work required at the application layer.
If you’re sending through a custom MTA or a different relay, you’ll need to either generate these headers yourself or check that your provider is doing it. SendGrid, Mailgun, and AWS SES all support it but the configuration varies. A 30-second test: send yourself an email, view source, search for List-Unsubscribe. If it’s not there, your bulk sends to Gmail and Yahoo are at risk.
For the full breakdown of the Feb 2024 enforcement, our guide to the Gmail and Yahoo 2024 inbox protection rules goes deeper.
The legal floor: CAN-SPAM, CASL, GDPR
The Gmail/Yahoo rules are the platform floor. The legal floor is older and stricter in several places. If you send anywhere outside the US you need to know which rules apply to which recipients.
CAN-SPAM is the American baseline. It requires a clear opt-out mechanism in every commercial email, processing within 10 days, an unsubscribe link that stays live for at least 30 days after the send, and no requirement that the recipient log in to unsubscribe. Violations are per-email, and the fines have teeth.
CASL is Canada’s law and it’s stricter. It requires the unsubscribe mechanism to remain functional for 60 days, processing within 10 business days, and the opt-out has to cover all commercial messages from the sender, not just the specific list.
GDPR doesn’t write the unsubscribe rules per se but it changes the consent model under them. Under GDPR, marketing email generally requires opt-in consent in the first place, and that consent has to be withdrawable as easily as it was given. Practically, that means your unsubscribe needs to work without a login, without a survey, and without forcing the recipient through a preference center if they want a hard out.
For the side-by-side and the additional state-level rules (California’s CCPA matters here too), see navigating GDPR, CAN-SPAM and CASL and a look at the California Consumer Privacy Act.
The honest summary: build to the strictest standard you send under. If you ship one campaign to Canada you should be honoring 60-day link validity globally. It’s simpler operationally and it forecloses a class of compliance bugs.
The UX layer: making unsubscribe painless
The platform and legal floors set the minimum. The UX layer is where you stop accumulating complaints and start building goodwill with people on their way out.
Eight practical rules, in rough order of impact.
Use the word “unsubscribe.” Not “manage preferences,” not “click here,” not a tiny grey icon. The recipient is scanning. If the link doesn’t match the verb in their head, they reach for the spam button instead.
Put the link where it’s findable. Gmail puts an unsubscribe link near the sender address for List-Unsubscribe-equipped mail. Most other clients show your footer first. Either way, the link needs to be there, visible, and not visually buried under five legal disclaimers.
Don’t require login. It’s against CAN-SPAM. It’s also the fastest way to get marked as spam by a frustrated recipient who can’t remember their password.
Don’t make them fill out a survey first. Surveys are fine after the unsubscribe is honored, optional, as a polite “before you go.” Before the unsubscribe, they’re a hostage situation.
Honor it immediately. The law gives you 10 days. The recipient expects two seconds. Anything between sends the message that you’re hoping they’ll forget.
Land them on a branded confirmation page, not a confirmation email. They asked to stop receiving mail. Sending them another email to confirm it stopped is the email-marketing equivalent of arguing about the breakup at the door.
Offer a resubscribe link on the confirmation page. Accidental clicks happen. A one-tap path back recovers a small but meaningful share of accidental unsubscribes based on what we see in customer dashboards.
Don’t override the link’s underline or color to make it blend with the rest of the email. Deliberately camouflaged unsubscribe links are the marketing version of a fake “X” button. Recipients notice. ISPs eventually do too.
For more on why you need an unsubscribe button in the first place which covers the strategic case for marketers who still resist.
Retaining the wavering subscriber
This is where the strategy lives. The compliance and platform layers stop you bleeding reputation. The UX layer stops you bleeding goodwill. The retention layer is where you keep the people who don’t actually want to leave, they just want less.
The biggest single move is a preference center reached from the unsubscribe link rather than as a forced detour. Two different decisions. “I want out completely” goes to the one-click path. “I want to change what I’m getting” goes to the preference center. Don’t conflate them.
Inside the preference center, the highest-impact options:
A frequency dial. If you send daily, offer weekly. If you send weekly, offer monthly. Daily-to-weekly typically holds onto a meaningful slice of would-be unsubscribers, in our experience working with high-volume B2C senders. The user gets oxygen, you keep the relationship.
A topic toggle. Newsletter, product updates, promotions, event invitations. Let them turn off the part they don’t want. The marketing team will hate losing the cross-promotion. The deliverability team will love the engagement signal.
A pause. Two weeks, a month, three months. People go on vacation. People have a busy quarter. A pause beats an unsubscribe because it returns them to an active list automatically.
A channel switch. Some recipients want updates, just not in their inbox. Offer the RSS feed, the social account, the SMS list if you have one. Honestly, this one’s mostly for goodwill, but goodwill compounds.
One thing not to do: don’t build re-engagement campaigns that rely on Apple Mail open rates. Apple Mail Privacy Protection inflates opens systematically, and a meaningful chunk of your list reads via Apple Mail. Use clicks, replies, and purchases as engagement signals. Send win-back to recipients who haven’t clicked in 90 days, not to recipients who haven’t opened. Marketing teams who didn’t update for MPP are still flying blind on this one.
Transactional vs. marketing: where the line is
A note for the half of the SMTP2GO audience running device, application, or system-generated mail.
Transactional email, in the strict sense, doesn’t require an unsubscribe link under CAN-SPAM. A password reset, an order confirmation, a printer scan-to-email, a security camera alert. None of those need an opt-out, because the recipient isn’t a “list,” they’re the person whose action triggered the message.
The line gets blurry the moment you add marketing content to a transactional email. A receipt with a promo banner is now a hybrid message and CAN-SPAM treats it as commercial. A welcome email that crosses into newsletter territory likewise. Rule of thumb: if more than a third of the message is marketing, you’re in commercial territory and the rules apply.
SMTP2GO handles this cleanly because we treat marketing and transactional as separate send streams with separate suppression behaviors.
If you’re sending both through the same provider, make sure the unsubscribe applies to the marketing stream only. Recipients shouldn’t stop getting their order confirmations because they unsubscribed from your newsletter.
If your unsubscribe link is sending complaint rates anywhere near 0.3%, fix the link before you fix the content. If you’re hitting the 5,000-per-day Gmail or Yahoo threshold and your List-Unsubscribe header isn’t there, that’s the first job, ahead of every list-cleaning project on your roadmap.
Worth checking your headers right now. Send yourself a test. View source. If List-Unsubscribe-Post: List-Unsubscribe=One-Click isn’t on the page, that’s your weekend.
For senders looking to migrate to a platform that handles all of this without engineering work, try SMTP2GO free. The List-Unsubscribe headers, the auto-suppression, the complaint feedback loops with the major ISPs, all of it is set up by default. We’ve been doing this since 2006 and we’d rather you got it right than learn the hard way.
About the author
Charlie Abrahamson
Charlie is CEO and co-founder of SMTP2GO. He started the company in 2006 after a trip to Argentina left him locked out of his own email (every internet café and local ISP blocked his attempts to send). Twenty years later, SMTP2GO delivers email for businesses around the world from its Christchurch, New Zealand base. Charlie has personally configured SMTP relays, debugged deliverability incidents, and led migrations for senders ranging from small businesses to enterprises moving off AWS SES, SendGrid, Mailgun, and Postmark. SMTP2GO is ISO 27001 certified, GDPR compliant and an M3AAWG member.
