Is a two-click email unsubscribe process compliant with CAN-SPAM?
Michael Ko
Co-founder & CEO, Suped
Published 27 Apr 2025
Updated 19 Aug 2025
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, better known as CAN-SPAM, is a cornerstone of email marketing compliance in the United States. It sets the rules for commercial email and gives recipients the right to have businesses stop emailing them. A frequent question I encounter involves the unsubscribe process: specifically, whether a two-click unsubscribe method is compliant with CAN-SPAM regulations. This isn't just a legal curiosity; it impacts your deliverability and how recipients perceive your brand.
For years, the industry standard leaned towards a two-click unsubscribe process. This typically involved clicking an unsubscribe link in the email, which then led to a landing page where the user had to confirm their unsubscribe request with a second click. The primary reasoning behind this approach was to mitigate unintended unsubscribes, especially those caused by security scanners or bot clicks that automatically follow links to verify content. It was seen as a way to protect legitimate subscribers from accidental removal from a list they still wanted to be on.
However, the landscape of email compliance and best practices is dynamic. What was once generally accepted or considered a good safeguard might now be outdated or even detrimental to your sender reputation. With major mailbox providers introducing stricter requirements, the debate around one-click versus two-click unsubscribes has intensified. My goal is to clarify CAN-SPAM's stance and discuss how recent industry shifts impact this crucial aspect of email marketing.
The core of CAN-SPAM’s unsubscribe requirement is that the process must be clear and conspicuous and offer a mechanism that is easy to use. Specifically, the Federal Trade Commission (FTC) states that recipients cannot be required to take any step other than sending a reply email or visiting a single page on an internet website. This is the crucial phrasing that led many to believe a two-click process (one click in the email, one click on the page) was compliant, as long as that second click happened on the single page. Any additional hurdles, like requiring a login or personal information beyond an email address, are prohibited. The legal framework primarily aims to prevent deceptive or cumbersome unsubscribe procedures that frustrate users.
CAN-SPAM's requirements for unsubscribing
Legal interpretation versus practical application is often a nuanced discussion in email deliverability. While a two-click method where the second click is simply a confirmation on the landing page has largely been considered compliant under CAN-SPAM, the spirit of the law emphasizes ease of opt-out. The FTC’s guidance is clear that a recipient should not be forced to take any step other than sending a reply email or visiting a single page. This specific wording has historically allowed for a confirmation click on the landing page, provided it's the only additional action required. However, the legal landscape is always evolving, and what constitutes easy can be subject to interpretation over time and by different regulatory bodies.
A key provision of CAN-SPAM also states that you cannot charge a fee, require the recipient to provide personally identifying information beyond an email address, or make them take steps other than what’s outlined. This means forcing users to log into an account, for example, would almost certainly not be compliant. The intent is to make the unsubscribe process as frictionless as possible for the consumer. While the two-click method generally aligns with this, it introduces a slight hurdle compared to a true one-click process that has become the gold standard.
Key CAN-SPAM unsubscribe rules
Include an opt-out mechanism: Every commercial email must contain a clear and conspicuous way for recipients to opt out of future emails.
Easy and simple: The unsubscribe process should be easy to execute. You cannot require additional steps beyond visiting a single page or sending a reply email.
No fees or extra information: You cannot charge a fee for opting out, nor can you ask for any personally identifying information other than an email address.
Honor requests promptly: You must honor unsubscribe requests within 10 business days.
While CAN-SPAM’s language about visiting a single page might have allowed for the two-click confirmation historically, the email industry is rapidly moving towards a true one-click unsubscribe as the preferred and, in many cases, required method. This shift is largely driven by major mailbox providers like Gmail and Yahoo, who have implemented strict new sender requirements for 2024. These requirements, which apply to bulk senders (over 5,000 emails per day), mandate the implementation of a one-click unsubscribe mechanism through the List-Unsubscribe header.
The List-Unsubscribe header is a technical standard that allows email clients to display an unsubscribe button directly in the inbox interface, often next to the sender’s email address. When a user clicks this, an unsubscribe request is sent automatically without requiring them to visit a landing page or take any further action. This greatly streamlines the process for the recipient. If this method is not implemented, senders risk their emails being sent to spam folders or even being outright blocked (or blacklisted) by these providers. You can learn more about how Yahoo and Google's one-click unsubscribe requirements work.
This shift means that while a two-click process may still technically comply with the letter of CAN-SPAM for the unsubscribe link within the email body, it no longer aligns with the best practices and explicit requirements of major mailbox providers for bulk senders. Failure to implement true one-click unsubscribe via the List-Unsubscribe header can severely impact your deliverability, leading to more spam complaints and poorer inbox placement. It’s also important to note that the one-click unsubscribe requirement applies primarily to commercial or marketing emails, not necessarily transactional emails. You can read more about when unsubscribe links are required.
Practical implications and best practices
To ensure both CAN-SPAM compliance and optimal deliverability in the current email ecosystem, I strongly recommend adopting a one-click unsubscribe process. This means leveraging the List-Unsubscribe header, as required by Microsoft, Gmail, and Yahoo for bulk senders. This doesn't mean you can't have a preference center. You absolutely should, but the immediate unsubscribe should be a single, frictionless click. The preference center can be a secondary option, allowing users to fine-tune their subscriptions after the initial, broad opt-out has been honored. You can also explore email unsubscribe link best practices.
The benefits of a true one-click (or single click) unsubscribe far outweigh the perceived risks of bot clicks, which modern email platforms are increasingly designed to handle. A simpler unsubscribe process leads to a better user experience, which in turn reduces spam complaints. When recipients can easily opt out, they are less likely to mark your emails as spam, which is a major positive signal for your sender reputation and helps keep your domain off email blocklists (or blacklists). Remember, the law allows for up to 10 business days to process an unsubscribe request, but the industry best practice is to do it almost immediately. You can read more about processing unsubscribe requests faster.
Here's a comparison of how one-click and two-click unsubscribe methods stack up in the current email landscape:
User experience
One-click: Immediate and frictionless. Users appreciate the simplicity.
Two-click: Adds an extra step, potentially causing frustration or abandonment.
Compliance and deliverability
One-click: Required by major mailbox providers (Gmail, Yahoo) for bulk senders, crucial for inbox placement and sender reputation. Compliant with CAN-SPAM due to ease.
Two-click: May technically satisfy some interpretations of CAN-SPAM's single page rule but can negatively impact deliverability due to modern sender requirements.
Bot protection
One-click: Potential for bot-triggered unsubscribes, but modern systems often distinguish between human and bot clicks.
Two-click: Reduces bot-triggered unsubscribes by requiring a human action on the landing page.
Views from the trenches
Best practices
Always include a clearly visible unsubscribe link in the footer of every commercial email you send.
Implement the List-Unsubscribe header, including both mailto and HTTPS URLs for maximum compatibility.
Process all unsubscribe requests immediately, even though CAN-SPAM allows up to 10 business days.
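To make the List-Unsubscribe mechanism described earlier and the mailto-plus-HTTPS recommendation in the list above concrete, here is an added example (not code from Suped or any mailbox provider) that audits a message's headers and shows how an unsubscribe endpoint can tell a link-following scanner from a one-click request. The List-Unsubscribe-Post header and its POST body come from RFC 8058, which the article does not name; the addresses, URLs, token and function names are constructed, and only a form-encoded POST body is handled.

```python
import re
from email import message_from_string

# Constructed sample messages (addresses, URLs and token are placeholders).
GOOD = """\
From: news@example.com
Subject: Weekly update
List-Unsubscribe: <mailto:unsub@example.com?subject=unsubscribe>,
 <https://example.com/unsub?token=PLACEHOLDER>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Body
"""

LINK_ONLY = """\
From: news@example.com
Subject: Weekly update
List-Unsubscribe: <http://example.com/unsubscribe-page>

Body
"""

def audit_unsubscribe_headers(raw):
    """Return a list of findings; an empty list means the headers are complete."""
    msg = message_from_string(raw)
    value = msg.get("List-Unsubscribe")
    if value is None:
        return ["no List-Unsubscribe header"]
    # URIs are comma-separated, each wrapped in angle brackets (RFC 2369).
    uris = re.findall(r"<([^<>]+)>", value)
    schemes = {u.split(":", 1)[0].strip().lower() for u in uris}
    findings = []
    if "https" not in schemes:
        findings.append("no HTTPS URI")
    if "mailto" not in schemes:
        findings.append("no mailto URI")
    # RFC 8058: this header signals that the HTTPS URI accepts a one-click POST.
    post = (msg.get("List-Unsubscribe-Post") or "").strip().lower()
    if post != "list-unsubscribe=one-click":
        findings.append("no List-Unsubscribe-Post: List-Unsubscribe=One-Click")
    return findings

def unsubscribe_action(method, body):
    """Decide what the HTTPS endpoint does with a request to the unsubscribe URI."""
    # Scanners that follow links issue GET; only the one-click POST unsubscribes.
    if method == "POST" and body.strip() == "List-Unsubscribe=One-Click":
        return "unsubscribe"
    return "show_confirmation_page"
```

Because only the POST changes subscription state, a scanner that fetches the URL with GET lands on the confirmation page and cannot remove the subscriber by accident.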
Common pitfalls
Requiring users to log in or provide additional personal information to unsubscribe, which violates CAN-SPAM.
Making the unsubscribe link difficult to find or read, using small font or light colors.
Delaying the processing of unsubscribe requests, which can lead to increased spam complaints and blocklisting.
Expert tips
Prioritize user experience in your unsubscribe process. A smooth exit ensures a positive final impression and reduces spam complaints.
Stay updated on evolving email regulations and mailbox provider requirements, as they frequently change.
Don't view unsubscribes as a failure, but as a healthy part of list hygiene. It means your list is clean and engaged.
Expert view
Expert from Email Geeks says a one-click to a page, followed by another click on that page, is generally considered fine for unsubscribe compliance.
2019-12-11 - Email Geeks
Marketer view
Marketer from Email Geeks says to ensure that recipients are not required to log in or provide more information when unsubscribing, as that makes the process difficult.
2019-12-11 - Email Geeks
Adapting to the modern unsubscribe standard
While a two-click email unsubscribe process may have technically been compliant with earlier interpretations of CAN-SPAM, the landscape has evolved significantly. The spirit of the law, combined with the new requirements from major mailbox providers, now strongly favors a single-click unsubscribe method. Implementing the List-Unsubscribe header is no longer just a best practice; it is a critical requirement for maintaining high deliverability rates and avoiding spam folders. Prioritizing a frictionless unsubscribe experience benefits both your recipients and your sender reputation.
Therefore, even if your current two-click system theoretically meets CAN-SPAM's single page clause, I urge you to transition to a true one-click unsubscribe. This proactive approach will help you stay compliant with the latest industry standards, improve your sender reputation, and ultimately ensure your legitimate emails reach the inbox. It's a strategic move that aligns with evolving user expectations and the technical demands of modern email ecosystems.