Does the order of MAILTO and HTTPS in the List-Unsubscribe header matter?
Matthew Whittaker
Co-founder & CTO, Suped
Published 12 May 2025
Updated 17 Aug 2025
8 min read
The List-Unsubscribe header is a critical component of modern email communication, designed to offer recipients an easy way to opt out of unwanted messages. It appears prominently in email clients, often as a distinct unsubscribe button or link, separate from any in-email body links. This feature plays a vital role in maintaining good sender reputation and ensuring compliance with anti-spam regulations.
Historically, the List-Unsubscribe header typically contained a mailto address, which, when clicked, would compose an email to trigger the unsubscribe process. While still a valid method, the industry has largely shifted towards the HTTPS one-click unsubscribe method, offering a more seamless experience for users.
Many email senders include both a mailto link and an HTTPS URL in their List-Unsubscribe header. This raises a common question: does the order of these two methods, mailto and HTTPS, within the header actually matter for email clients and deliverability? This is a nuance that can impact how efficiently recipients can unsubscribe and, by extension, how mailbox providers perceive your sending practices.
Understanding the List-Unsubscribe header
The primary function of the List-Unsubscribe header is to provide a standardized, client-level unsubscribe mechanism. This helps reduce spam complaints, as recipients are given a clear, convenient way to opt out, rather than resorting to marking your emails as spam. Implementing this header correctly is a key factor in ensuring your emails consistently reach the inbox.
The mailto method, defined in RFC 2369, is the older approach. It specifies an email address to which an unsubscribe request can be sent. When a user clicks an unsubscribe button tied to a mailto link, their email client generates a new message to the specified address, usually with a predefined subject like 'unsubscribe'. This method relies on the user's email client and their active participation in sending the email.
The HTTPS method, on the other hand, is generally preferred today and is central to the concept of one-click unsubscribe. This method uses a direct URL that, when accessed (typically via a POST request), automatically unsubscribes the user without requiring an extra email or confirmation page. This streamlined process significantly improves the user experience and is favored by major mailbox providers, as highlighted in many industry recommendations. If you're looking to meet updated compliance requirements for large providers, focusing on your HTTPS setup is crucial.
RFC specifications and practical implications
From a purely technical standpoint, RFC 2369, which defines the List-Unsubscribe header, suggests that multiple values in a comma-separated list should be processed in order of appearance, from left to right. This implies that the first valid method listed would be the one an email client would attempt to use. However, modern email environments are far more complex than the original RFCs anticipated.
The advent of RFC 8058 brought significant changes, specifically introducing the List-Unsubscribe-Post header to facilitate one-click unsubscribe functionality. This RFC specifies that the HTTPS URL should be present in the List-Unsubscribe header to enable one-click. While it allows for other methods like mailto to be included, the explicit preference for the HTTPS method is clear for modern compliance. Implementing one-click unsubscribe is now a fundamental requirement for many major mailbox providers.
RFC recommendation
Order: List-Unsubscribe header entries are processed from left to right.
Preference: The first valid method encountered in the header is technically preferred.
RFC 8058 specifically introduced the List-Unsubscribe-Post header to enable one-click unsubscribe via HTTPS.
Real-world behavior
Provider preference: Many major mailbox providers (MBPs) prioritize the HTTPS one-click method, regardless of its explicit position in the header. For specific requirements, see Yahoo and Gmail compliance.
User experience focus: MBPs aim for the most frictionless unsubscribe experience to reduce spam complaints.
This behavior aligns with recent guidelines from major providers, emphasizing seamless unsubscribe options to improve the overall email ecosystem.
In practice, the actual behavior of email clients and mailbox providers often diverges from strict RFC order. Modern systems are designed to offer the best user experience and deter spam, which means they will prioritize the most efficient and reliable unsubscribe method available. This usually translates to a strong preference for the HTTPS one-click method, even if a mailto link appears first.
Key standard: RFC 8058
RFC 8058 is crucial for one-click unsubscribes. It specifies that an HTTPS URL should be provided in the List-Unsubscribe header, and a List-Unsubscribe-Post header must also be present for true one-click functionality. While it allows other HTTP(S) and/or mailto links to be included, the emphasis is clearly on the direct HTTPS method.
Impact on major mailbox providers
Mailbox providers like Google and Yahoo have recently updated their sender requirements, making the one-click unsubscribe method (via HTTPS) a mandatory element for bulk senders. For these providers, the order of mailto and HTTPS within the List-Unsubscribe header holds less weight than the mere presence and functionality of the HTTPS link. Google's requirements for one-click are particularly stringent.
While they might still acknowledge a mailto link if it's the only option, their systems are optimized to detect and promote the HTTPS one-click method. This means that even if you place mailto first, these providers will likely display the direct unsubscribe option, ensuring the most straightforward path for their users. This strong preference helps in improving your overall sender reputation.
Provider
Preferred method
Order preference
Notes
Google
HTTPS (one-click)
Prioritizes HTTPS
Critical for new sender requirements, aiming for frictionless unsubscribe.
Yahoo
HTTPS (one-click)
Prioritizes HTTPS
Essential for maintaining deliverability and avoiding blocklisting.
Microsoft
HTTPS (one-click)
Minimal impact
Historically, some issues existed, but less common today with modern clients.
Other MBPs
HTTPS or Mailto
Varies
Some may process the first valid method; others prefer HTTPS if available.
This general trend underscores a shift towards user experience over strict adherence to archaic interpretations of RFCs. While having both options is beneficial for maximum compatibility, the HTTPS one-click method is clearly the priority for maintaining strong deliverability and avoiding common pitfalls that lead to emails landing in the spam folder.
Views from the trenches
Best practices
Always include both the HTTPS and mailto methods in your List-Unsubscribe header for maximum compatibility and user choice.
Prioritize the HTTPS (one-click) URL by placing it first in the header, especially for compliance with major mailbox providers.
Regularly test your unsubscribe links to ensure they are functional and provide an instant, frictionless experience.
Common pitfalls
Relying solely on the mailto unsubscribe method, which can lead to higher spam complaints due to a less direct process.
Having a broken or non-functional unsubscribe link, which severely harms sender reputation and can lead to blocklisting.
Ignoring mailbox provider specific preferences, assuming RFC order is universally applied by all email clients.
Expert tips
Implement a robust backend system to process unsubscribe requests instantly from both mailto and HTTPS methods.
Monitor feedback loops from major providers; high complaint rates often indicate issues with unsubscribe options.
Consider using a preference center linked from your unsubscribe flow to allow users more granular control over their subscriptions.
Expert view
Expert from Email Geeks says the technical order of preference for List-Unsubscribe methods is from first to last.
2024-06-05 - Email Geeks
Marketer view
Marketer from Email Geeks says that placing mailto first and then HTTPS works properly, suggesting the order might not be a strict barrier.
2024-06-05 - Email Geeks
Best practices for your List-Unsubscribe header
Given the current landscape, the most robust approach is to include both the HTTPS and mailto methods in your List-Unsubscribe header. While the explicit order may not strictly enforce preference with major providers, it's generally recommended to place the HTTPS URL first, followed by the mailto address. This ensures that clients prioritizing the first entry still encounter the preferred one-click method.
Recommended List-Unsubscribe header formatplain text
Beyond simply including the header, it's paramount that your unsubscribe links are fully functional and process requests promptly. A broken or slow unsubscribe process can quickly lead to recipients marking your emails as spam, which negatively impacts your sender reputation. This can result in your domain or IP address being added to an email blocklist (or blacklist), hindering future email delivery.
Ensure both methods work
Test functionality: Regularly test your unsubscribe links (both mailto and HTTPS) to ensure they are fully operational. You can use an email deliverability tester for this.
Monitor feedback: Pay attention to any bounce messages or feedback loop reports indicating issues with unsubscribes or complaints. This is vital for blocklist monitoring.
Automate process: For mailto unsubscribes, ensure an automated system processes these requests promptly and removes the subscriber from your list.
Additionally, consider implementing a preference center that users can access via your HTTPS unsubscribe link. A preference center allows users to manage their subscription settings rather than a full unsubscribe, potentially retaining them for other types of communication. This approach aligns with best practices for improving email deliverability with a preference center.
Key takeaways for email senders
While the traditional RFCs might imply that the order of mailto and HTTPS in the List-Unsubscribe header matters, in today's email landscape, the practical impact is minimal for major mailbox providers. Their systems are designed to prioritize the HTTPS one-click unsubscribe method, recognizing its superior user experience and compliance benefits.
The focus should be less on the precise ordering and more on ensuring that a valid, functional HTTPS unsubscribe URL is present and correctly implemented alongside a List-Unsubscribe-Post header. This proactive approach helps prevent spam complaints, improves your overall email deliverability rate, and ensures a positive relationship with your recipients and mailbox providers.
By adhering to current best practices and prioritizing the one-click unsubscribe, you can navigate the complexities of email deliverability with greater confidence and keep your messages out of the spam folder. Always test your headers and monitor your reputation to stay ahead.
Google and 
Yahoo have recently updated their sender requirements, making the one-click unsubscribe method (via HTTPS) a mandatory element for bulk senders. For these providers, the order of mailto and HTTPS within the List-Unsubscribe header holds less weight than the mere presence and functionality of the HTTPS link. Google's requirements for one-click are particularly stringent.
Microsoft
