Summary
The general consensus is that including List-Unsubscribe headers in transactional emails is highly recommended, primarily to reduce spam complaints, improve deliverability, and comply with regulations like GDPR and CAN-SPAM. This provides recipients with an easy opt-out method, improving user experience and protecting sender reputation. Best practices for DKIM include proper setup with key pair generation and DNS record creation, using a minimum key size of 2048 bits for security, rotating DKIM keys regularly, ensuring DKIM alignment for DMARC compliance, and handling potential issues with long DKIM records by using TXT record concatenation. The choice between mailto: and HTTP URLs for the List-Unsubscribe header depends on the desired processing speed, with HTTP generally offering faster unsubscription.
Key findings
- List-Unsubscribe Benefits: Including List-Unsubscribe headers in transactional emails significantly reduces spam complaints and improves overall deliverability by providing a straightforward opt-out mechanism.
- DKIM Improves Authentication: DKIM helps in authenticating the sender's identity, increasing trust with email service providers, and reducing the chances of emails being marked as spam.
- DKIM Key Rotation: Regularly rotating DKIM keys is crucial for maintaining security and minimizing the risk of key compromise.
- DKIM Alignment for DMARC: DKIM alignment is essential for passing DMARC authentication, requiring the d= domain in the DKIM signature to match the domain in the From header.
- Key Size: Using a DKIM Key size of at least 2048 bits for improved security
Key considerations
- Regulatory Compliance: List-Unsubscribe headers aid in compliance with email marketing regulations like GDPR and CAN-SPAM.
- User Experience Optimization: Offering an unsubscribe option, even for transactional emails, enhances user experience, especially if the recipient didn't request those emails.
- TXT Record Length Limitations: If DKIM records exceed the character limit, use TXT records that support string concatenation in DNS to ensure validity.
- Unsubscription Policy Implementation: Develop a clear and practical policy for managing unsubscription requests from transactional emails, such as suppressing marketing and less-critical communications.
- HTTP vs. Mailto URLs: Carefully consider the implementation of the List-Unsubscribe header (HTTP vs. mailto), evaluating the speed with which unsubscribe requests are handled.
- DKIM Selector best practice: Selecting an appropriate DKIM selector and ensuing DNS validation
What email marketers say
11 marketer opinions
The consensus is that including List-Unsubscribe headers in transactional emails is a good practice, particularly for compliance with regulations and to reduce spam complaints. It provides recipients with an easy way to opt-out, enhancing user experience and protecting sender reputation. For DKIM, it's essential to set it up correctly, regularly rotate keys, ensure DKIM alignment for DMARC compliance, and handle long DKIM records properly.
Key opinions
- List-Unsubscribe Benefit: Including List-Unsubscribe headers in transactional emails reduces spam complaints and improves deliverability by providing recipients with a straightforward opt-out method.
- DKIM Improves Deliverability: DKIM helps improve email deliverability by authenticating the sender's identity, reducing the likelihood of emails being marked as spam.
- DKIM Key Rotation: Regularly rotating DKIM keys is a recommended best practice to mitigate the risk of key compromise.
- DKIM Alignment: DKIM alignment is crucial for passing DMARC authentication; the d= domain in the DKIM signature must match the domain in the From header.
Key considerations
- Compliance: List-Unsubscribe headers aid in compliance with email marketing regulations like GDPR and CAN-SPAM.
- User Experience: Offering an unsubscribe option, even for transactional emails, improves user experience, especially if recipients did not request the emails.
- TXT Record Length: When DKIM records are too long, use TXT records that support string concatenation in DNS to ensure the entire record is valid.
- Spam Complaints: Allowing users to unsubscribe from all message types can reduce spam complaints, protecting sender reputation.
Marketer view
Email marketer from SendGrid advises that a best practice for DKIM is to regularly rotate DKIM keys. This involves generating new keys and updating your DNS records periodically to reduce the risk of key compromise.
6 Mar 2024 - SendGrid
Marketer view
Marketer from Email Geeks sees no downside to allowing people to opt out from any message they could potentially report as spam.
11 Dec 2022 - Email Geeks
What the experts say
7 expert opinions
Experts generally recommend including List-Unsubscribe headers in transactional emails to reduce spam complaints and improve deliverability. RFC 8058 unsubscription headers are acceptable, but it's crucial to decide how to handle unsubscription requests. A reasonable policy involves suppressing less-critical emails while continuing essential communication. For DKIM, best practices include avoiding the L= tag, considering signature expiration, oversigning key headers, selecting a unique selector, and ensuring DNS validation. Implementation can be done via mailto: or HTTP URLs, with HTTP offering faster processing.
Key opinions
- List-Unsubscribe in Transactional Emails: Including List-Unsubscribe headers in transactional emails reduces spam complaints and enhances deliverability by providing a simple opt-out option.
- DKIM Oversigning: Oversigning important headers helps maintain email integrity and authenticity.
- DKIM Selector: Choosing a unique and unused DKIM selector is vital for DKIM configuration.
- Unsubscription Policy: Establish a clear policy for handling unsubscription requests from transactional emails, such as suppressing marketing and less-critical communications.
Key considerations
- HTTP vs. Mailto Unsubscribe: Consider using HTTP URLs for List-Unsubscribe headers for faster processing of unsubscription requests compared to mailto: URLs.
- DKIM Configuration: Proper DKIM configuration and DNS validation are crucial for successful email authentication.
- RFC 8058: Implement RFC 8058 unsubscription headers for transactional emails while being prepared to handle the requests appropriately.
- Header Oversigning: Carefully oversign headers that should appear only once to prevent tampering.
Expert view
Expert from Email Geeks suggests a reasonable policy would be to suppress all marketing and less-critical transactional emails upon receiving an RFC 8058 unsubscribe request for a transactional email, while still sending vital, truly transactional mail.
8 Sep 2021 - Email Geeks
Expert view
Expert from Email Geeks shares DKIM best practices, including avoiding the L= tag, considering the X= tag for signature expiration, and oversigning headers that should only appear once like To, Cc, Subject, Date, From, Sender, Reply-To, Bcc, Message-ID, In-Reply-To, and Reference.
27 Sep 2024 - Email Geeks
What the documentation says
5 technical articles
Technical documentation emphasizes the importance of correct syntax for List-Unsubscribe headers, using either mailto: or HTTP URLs. DKIM setup involves generating a public/private key pair and adding a DNS record. A minimum DKIM key size of 2048 bits is recommended for security. SPF and DKIM should be used together to improve deliverability. Microsoft 365 provides specific steps for DKIM setup in custom domains.
Key findings
- List-Unsubscribe Syntax: List-Unsubscribe headers must contain either a mailto: or HTTP URL for recipients to unsubscribe.
- DKIM Setup Process: DKIM setup requires generating a public/private key pair and adding a DKIM record to your DNS.
- DKIM Key Size: Using a DKIM key size of at least 2048 bits is essential for improved security.
- SPF and DKIM Synergy: SPF and DKIM work together to authenticate sending servers and email content, improving deliverability.
Key considerations
- Implementation Efficiency: Correctly implementing List-Unsubscribe headers ensures efficient processing of unsubscription requests.
- DNS Configuration: Proper DNS configuration is crucial for both DKIM and SPF to function correctly.
- Security: Strong DKIM key sizes are necessary to protect against vulnerabilities and maintain security standards.
- Microsoft 365 DKIM: Follow Microsoft's specific steps for setting up DKIM in Microsoft 365 custom domains.
Technical article
Documentation from OpenDKIM recommends using a DKIM key size of at least 2048 bits for improved security. Smaller key sizes are more vulnerable to attacks and may not be considered secure by some email providers.
1 Dec 2023 - OpenDKIM
Technical article
Documentation from RFC Editor details the proper syntax for the List-Unsubscribe header, specifying that it should contain either a mailto: URL or an HTTP URL that recipients can use to unsubscribe from email lists. Correct implementation ensures that unsubscription requests are processed efficiently.
28 Nov 2024 - RFC Editor
Are people using 4096-bit DKIM keys, and what is the recommended DKIM key length?
Are SPF, DKIM, and DMARC records necessary for transactional email servers not used for marketing?
Do I need DMARC for transactional emails from a small website, and what are the best low-cost alternatives for sending emails if my IP is blocked?
Do I need multiple DKIM records if I use multiple ESPs like HubSpot, Sendgrid and ActiveCampaign?
Does CAN-SPAM require a physical address in transactional emails?
Does the DKIM domain need to align with the List-Unsubscribe domain?
