Summary
The interpretation of whether a two-click email unsubscribe process complies with the CAN-SPAM Act is divided, though the prevailing view among many major email service providers and legal interpretations indicates it is generally not compliant. The law specifically mandates that recipients should take 'no more than a single step' to opt out, such as sending a reply email or visiting a single website page. While some experts believe a two-click process, where the second click is a simple confirmation on a dedicated landing page, can be acceptable if easy to execute and no additional personal information is required, the broader consensus emphasizes a single, definitive action for opt-out.
Key findings
- Single Action Requirement: Most interpretations of CAN-SPAM, including those from the FTC, major ESPs like Mailchimp and HubSpot, and various legal resources, state that the unsubscribe process must be a single action, not requiring more than one click, such as clicking a link to land on a page where the unsubscribe is immediate or simply sending a reply email.
- Two-Click as Non-Compliant: A process requiring a click in the email and then a subsequent confirmation click on a landing page is widely considered non-compliant with CAN-SPAM due to the added step.
- Ambiguity in 'Single Website Page': A minority view among some email experts suggests that if the entire unsubscribe action, including a confirmation click, occurs on a single dedicated website page visited after the initial link click, it could be interpreted as compliant with the 'visiting a single website page' clause, provided it is easy and clear.
- No Additional Information or Login: Regardless of the number of clicks, all sources agree that recipients should never be required to log in, provide additional personally identifying information beyond their email address, or fill out forms to unsubscribe.
Key considerations
- User Experience: A simpler, single-click unsubscribe is strongly recommended as a best practice to reduce user frustration and improve deliverability by minimizing spam complaints, even if a two-click process is deemed technically permissible.
- Anti-Bot Protection: Some two-step processes are implemented to prevent anti-virus bots from inadvertently unsubscribing users, highlighting a practical challenge for email marketers.
- Preference Centers: While preference centers are valuable for managing subscriptions, if used for opting out entirely, they must include a clear and prominent 'unsubscribe from everything' option that requires no more than one additional click or action once on the page.
- Intent of the Law: The spirit of CAN-SPAM emphasizes ease, simplicity, and clarity in the unsubscribe process, aiming to prevent misleading practices and ensure consumers can readily opt out. Adhering to the intent, which favors minimal friction, is crucial.
What email marketers say
14 marketer opinions
While the CAN-SPAM Act aims to ensure a straightforward unsubscribe process, interpretations vary on whether a two-click mechanism is compliant. Many leading email service providers and industry experts broadly consider a two-click unsubscribe to be non-compliant, asserting that the law requires a single, definitive action for opting out, such as a reply email or a visit to a single web page that immediately confirms the unsubscribe. However, a nuanced perspective from some email marketing veterans suggests that a two-click process, where the second click is a simple confirmation on a dedicated landing page, might be permissible, especially if it helps prevent accidental unsubscribes by anti-virus bots and does not demand additional personal information or logins. The overriding principle, regardless of the click count, is that the unsubscribe process must be easy, clear, and not misleading for the recipient.
Key opinions
- Predominant Non-Compliance View: A significant majority of email service providers and marketing experts interpret CAN-SPAM as requiring a single-step unsubscribe, thus deeming a two-click process non-compliant due to the added interaction.
- Single Action Mandate: The CAN-SPAM Act generally mandates that a recipient should be able to opt out with a solitary action, such as sending a reply email or reaching a web page where the unsubscribe is completed in one click.
- Limited Permissibility Argument: A minority view contends that a two-step process can comply if the initial click leads to a dedicated landing page where a final, simple click confirms the unsubscribe, without requiring login or additional data. This interpretation often hinges on the "single website page" clause.
- Prohibited Unsubscribe Hurdles: Regardless of the number of clicks, it is universally agreed that requiring recipients to log in, provide additional personal details, or manually input their email address to unsubscribe constitutes bad practice and a violation of the "easy to execute" requirement.
Key considerations
- User Experience Focus: Prioritizing a seamless and effortless unsubscribe experience is crucial for reducing user frustration and minimizing spam complaints, which in turn supports better deliverability. Simplicity often outweighs complex legal interpretations.
- Bot Prevention vs. Compliance: Some marketers implement two-step processes to mitigate the risk of anti-virus bots inadvertently unsubscribing legitimate users, creating a tension between technical safeguards and strict compliance interpretations.
- Preference Centers: While valuable for managing subscription types, any preference center that serves as an unsubscribe mechanism must include a clear, easily discoverable option to opt out of all communications with a single, immediate action once on the page.
- Spirit of the Law: Beyond literal interpretations, the underlying intent of CAN-SPAM is to empower recipients with an easy, transparent, and non-deceptive way to opt out. Adhering to this principle of simplicity and clarity is paramount for compliance and maintaining sender reputation.
Marketer view
Email marketer from Email Geeks advises that while a two-step unsubscribe might be permissible, recipients should not be required to log in or provide additional personal information.
28 Aug 2021 - Email Geeks
Marketer view
Email marketer from Email Geeks explains that asking recipients to manually fill in their email address or requiring a login for unsubscribing are generally considered bad practices and may violate the "easy to execute" requirement.
19 Apr 2025 - Email Geeks
What the experts say
4 expert opinions
Regarding the CAN-SPAM Act, a two-click email unsubscribe process is generally considered compliant, provided the steps are straightforward and occur on a single landing page without requiring excessive personal details or logins. Industry experts highlight that the Act's allowance for 'visiting a single website page' to opt-out can encompass an initial click to a page followed by a confirmation click on that same page. While technically permissible, a one-click unsubscribe remains the recommended best practice for optimal user experience and to reduce subscriber friction.
Key opinions
- Conditional Compliance: A two-click unsubscribe process, where the first click leads to a web page and the second confirms opt-out on that same page, is generally considered compliant with CAN-SPAM and CASL.
- FTC Guidance Interpretation: The FTC's CAN-SPAM compliance guide, specifically its allowance for 'visiting a single website page' for opt-out, supports the view that a confirmation click on the landed page is acceptable.
- Ease and Clarity Mandate: Compliance hinges on the process being easy to execute and clear for the user, with no additional personally identifying information beyond an email address required, nor any fees or logins.
- Not Strictly One-Click: The law requires a 'single, clear, and conspicuous way' to opt out, which does not strictly limit the process to a single click, allowing for a simple confirmation on a dedicated page or within a preference center.
Key considerations
- User Experience Priority: While legally permissible, a single-click unsubscribe is strongly recommended as a best practice to enhance user experience, minimize frustration, and reduce the likelihood of spam complaints.
- Preventing Accidental Opt-Outs: Some two-step processes are utilized to prevent automated systems or anti-virus bots from inadvertently unsubscribing legitimate users, providing a practical benefit for marketers.
- Preference Center Integration: If a preference center is used for unsubscribing, it must offer a clear and simple option to opt out of all communications with minimal clicks once the user is on the page.
- Spirit of the Law: Adhering to the overarching intent of CAN-SPAM, which is to provide a simple, accessible, and transparent opt-out mechanism for consumers, should guide implementation.
Expert view
Expert from Email Geeks explains that a two-click unsubscribe process, where the first click leads to a page and a second click on that page confirms the opt-out, is acceptable for CAN-SPAM and CASL, provided it is easy to execute.
12 Dec 2021 - Email Geeks
Expert view
Expert from Email Geeks refers to the FTC CAN-SPAM Act Compliance Guide, specifically point #6, which states that senders cannot charge a fee, require personally identifying information beyond an email address, or make recipients take any step other than sending a reply email or visiting a single website page to opt-out.
15 Oct 2024 - Email Geeks
What the documentation says
6 technical articles
The consensus among regulatory bodies and email experts is that a two-click email unsubscribe process generally does not comply with the CAN-SPAM Act. This federal law mandates that recipients must be able to opt out with a single action, such as sending a reply email or visiting a single website page that immediately processes the unsubscribe. Requiring any additional confirmation click, even if on the same landing page, introduces an extra step explicitly disallowed by the Act's single-action requirement.
Key findings
- Single-Step Mandate: The CAN-SPAM Act strictly requires a single, straightforward action for recipients to opt out of commercial emails.
- Two-Click Non-Compliance: Implementing a two-click process, which demands an initial click followed by a separate confirmation click, is widely considered non-compliant with CAN-SPAM.
- Prohibited Additional Actions: The law explicitly forbids any extra steps beyond the initial singular action, meaning a second click for confirmation is not permitted.
- Ease of Opt-Out: The core principle of CAN-SPAM is to ensure the unsubscribe process is easy, clear, and imposes no undue friction on the recipient.
Key considerations
- Legal Compliance Risk: Adhering strictly to the single-step unsubscribe requirement is essential to mitigate the risk of legal penalties under CAN-SPAM.
- User Experience: A truly single-click unsubscribe offers the best user experience, reducing frustration and decreasing the likelihood of spam complaints, which positively impacts deliverability.
- Industry Best Practices: Even if an older interpretation might have allowed conditional compliance, current industry best practices strongly advocate for a single-click unsubscribe to ensure clear compliance and subscriber satisfaction.
- Avoiding Unnecessary Friction: The intent of the law is to make opting out effortless, so any design that adds friction, like a second click, should be avoided.
Technical article
Documentation from FTC.gov explains that CAN-SPAM requires a recipient to take no more than a single step, such as sending a reply email or visiting a single website page, to opt out of future emails, making a two-click unsubscribe process non-compliant.
28 Sep 2024 - FTC.gov
Technical article
Documentation from Webmasters Stack Exchange clarifies that the CAN-SPAM Act explicitly requires a single action for recipients to opt out of commercial email, making any two-click or multi-step unsubscribe process non-compliant.
23 Dec 2022 - Webmasters Stack Exchange
Are mailto links compliant with Google and Yahoo's one-click unsubscribe requirements?
How does Gmail's one-click unsubscribe work and is it really one click?
Is requiring a login to unsubscribe compliant with email regulations?
What are the best practices and legal considerations for 1-click versus 2-click email unsubscribes?
What are the one-click unsubscribe requirements for Gmail and Yahoo, and how do they relate to CAN-SPAM compliance?
What are the requirements for one-click unsubscribe in email marketing?
