RFC 8058 Explained: How One-Click Unsubscribe Works

Estimated reading time: 8 minutes
Unsubscribing should be simple. When people no longer want to receive marketing emails, newsletters, or promotional campaigns, they should be able to opt out without searching for a tiny footer link, logging into an account, or confirming the same action multiple times.
RFC 8058 is the email standard that defines how senders can support one-click unsubscribe through email headers. Instead of relying only on a visible unsubscribe link inside the email body, RFC 8058 allows mailbox providers like Gmail to display their own unsubscribe option directly in the inbox interface.
Google’s sender guidelines state that bulk senders who send more than 5,000 messages per day must support one-click unsubscribe for marketing and subscribed messages.
Key Takeaways
- RFC 8058 defines one-click unsubscribe for email headers.
- One-click unsubscribe lets mailbox providers process an unsubscribe request through a POST request.
- It helps prevent accidental unsubscribes caused by security tools or automated link scanning.
- Gmail requires one-click unsubscribe for high-volume senders of marketing and subscribed emails.
- A footer unsubscribe link is still important, but it is not the same as RFC 8058 one-click unsubscribe.
- Poor unsubscribe experiences can increase spam complaints and damage sender reputation.
- Tools like GlockApps can help marketers monitor inbox placement and understand whether deliverability issues are connected to authentication, reputation, or subscriber engagement.
What Is RFC 8058?
RFC 8058 is an Internet standard titled Signaling One-Click Functionality for List Email Headers. It explains how email senders can signal that an unsubscribe link in the email header supports a true one-click unsubscribe action.
Before RFC 8058, senders could already use a List-Unsubscribe header. This header gave email clients a machine-readable unsubscribe option. However, there was a problem: some spam filters, antivirus tools, and security systems automatically checked URLs inside email headers. In some cases, those automated checks could accidentally trigger an unsubscribe action before the recipient actually chose to unsubscribe. RFC 8058 was created to solve this issue by requiring a safer POST-based process.
What Is One-Click Unsubscribe?
One-click unsubscribe is an unsubscribe process that allows a recipient to opt out of future emails with a single action from the mailbox interface.
For example, instead of scrolling to the bottom of a promotional email and clicking a footer link, a Gmail user may see an unsubscribe option near the sender name. When they click it, Gmail can send a request to the sender’s unsubscribe endpoint, and the sender removes that person from the mailing list.
The key idea is simple: the user should not be forced through extra steps.
A real one-click unsubscribe process should not require:
- Logging in
- Filling out a form
- Visiting a preference center
- Confirming the unsubscribe on another page
- Replying to an email
- Waiting for manual processing
A preference center can still be useful when subscribers want to reduce frequency or choose specific topics. But it should not replace one-click unsubscribe when RFC 8058 compliance is required.
How RFC 8058 Works
RFC 8058 works through email headers. These headers are not usually visible in the email body, but mailbox providers can read them and use them to display native unsubscribe options.
The two most important headers are:
List-Unsubscribe: <https://example.com/unsubscribe/user-token>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
The List-Unsubscribe header contains the unsubscribe URL. The List-Unsubscribe-Post header tells the mailbox provider that the unsubscribe request should be sent as a POST request with the value List-Unsubscribe=One-Click.
Why POST Matters
The POST request is one of the most important parts of RFC 8058.
A normal link click often uses a GET request. The problem is that automated systems may fetch GET URLs to scan them for safety. If an unsubscribe action happens through GET, a security scanner could accidentally unsubscribe people without their consent.
RFC 8058 solves this by separating URL scanning from the actual unsubscribe action. The unsubscribe should happen only when the mailbox provider sends a POST request with the one-click unsubscribe value.
That means:
- GET should not silently unsubscribe the user.
- POST should complete the unsubscribe.
- The unsubscribe endpoint should process the request automatically.
- The user should not be asked to confirm again.
This protects both subscribers and senders. Subscribers do not get removed by accident, and senders do not lose engaged contacts because of automated security checks.
Why RFC 8058 Matters for Email Deliverability
RFC 8058 is not only a technical detail. It directly affects how mailbox providers evaluate your email program.
When users cannot unsubscribe easily, they often choose the faster option: Report spam. This is bad for the sender reputation. Spam complaints tell mailbox providers that recipients do not want your messages, and over time, this can hurt inbox placement.
One-click unsubscribe gives users a clear alternative. Instead of reporting a message as spam, they can simply opt out.
This matters because deliverability is no longer only about sending emails successfully. It is about sending wanted emails, respecting subscriber choices, and making it easy for users to leave when they are no longer interested.
You can use GlockApps to test inbox placement, monitor spam placement, and identify whether authentication or reputation issues may be affecting campaign performance.
RFC 8058 and Gmail Sender Requirements
RFC 8058 became even more important after Gmail and Yahoo introduced stricter requirements for bulk senders. Google says senders of more than 5,000 messages per day must make it easy to unsubscribe and support one-click unsubscribe for marketing and subscribed messages.
For marketers, this means a normal footer unsubscribe link is not always enough. If you send bulk promotional campaigns, newsletters, product updates, or other subscribed messages, your technical setup should support header-based one-click unsubscribe.
This does not mean every email needs one-click unsubscribe. Transactional emails, such as password resets, order confirmations, or security alerts, are different from marketing emails. However, any email category based on subscription or promotional consent should be reviewed carefully.
Basic RFC 8058 Implementation Checklist
To implement RFC 8058 properly, senders should check the following:
- Add a List-Unsubscribe header
This header should include an HTTPS unsubscribe URL that identifies the recipient and mailing list. - Add a List-Unsubscribe-Post header
The value should be exactly:
List-Unsubscribe=One-Click - Use HTTPS
The unsubscribe URL should be secure. HTTP is not enough for modern one-click unsubscribe expectations. - Support POST requests
Your server must accept the POST request from the mailbox provider and process the unsubscribe automatically. - Do not require extra confirmation
If the user clicks unsubscribe in the mailbox interface, the opt-out should be completed without another step. - Make the endpoint reliable
Avoid broken URLs, unnecessary redirects, server errors, or slow responses. - Sign the headers with DKIM
The message should have a valid DKIM signature that covers the unsubscribe headers, helping mailbox providers trust that the unsubscribe information was not modified. - Keep the footer unsubscribe link
RFC 8058 does not replace the visible unsubscribe link inside the email. It adds another unsubscribe method for mailbox providers.
Common RFC 8058 Mistakes
Even when senders add unsubscribe headers, implementation can still fail. Here are some common issues:
1. Adding only the List-Unsubscribe header.
The List-Unsubscribe header alone does not fully enable RFC 8058 one-click unsubscribe. You also need the List-Unsubscribe-Post header.
2. Using the wrong List-Unsubscribe-Post value.
The value must be exact:
List-Unsubscribe=One-Click
Small formatting mistakes can prevent mailbox providers from recognizing the header correctly.
3. Sending users to a preference center.
A preference center is useful, but it should not be required for one-click unsubscribe. The POST request should complete the unsubscribe by itself.
4. Not processing the POST request.
Some senders add the headers but do not configure the server endpoint correctly. If the POST request fails, the user may stay subscribed and become more likely to complain.
5. Forgetting DKIM coverage.
DKIM helps mailbox providers trust the message headers. If the unsubscribe headers are not properly signed, mailbox providers may not display the unsubscribe option or may not trust the request.
6. Making unsubscribes too slow.
Unsubscribe requests should be processed quickly. Delays can frustrate users and create compliance risks.
Does One-Click Unsubscribe Increase Unsubscribe Rates?
Possibly, yes. When unsubscribing becomes easier, more people may use it. But that is not necessarily bad.
A person who wants to unsubscribe is already disengaged. If they cannot leave easily, they may ignore future messages, delete them, or mark them as spam. From a deliverability perspective, a clean unsubscribe is usually better than a spam complaint.
A healthy email list is not the biggest possible list. It is a list of people who actually want to receive your emails.
How to Monitor the Impact
After implementing RFC 8058, marketers should monitor:
- Spam complaint rate
- Unsubscribe rate
- Inbox placement
- Bounce rate
- Engagement trends
- Domain reputation
- Authentication results
- Campaign performance by segment
This is where regular deliverability testing matters. GlockApps can help senders see where emails land across mailbox providers and detect whether reputation or authentication problems are affecting inbox placement.
Conclusion
RFC 8058 is the standard behind modern one-click unsubscribe. It allows senders to tell mailbox providers that their emails support a safe, automated unsubscribe process through email headers.
For subscribers, it creates a better experience. They can leave a mailing list without friction. For senders, it helps reduce spam complaints, support compliance with mailbox provider requirements, and maintain a healthier email program.
The main point is simple: make unsubscribing easy. If someone no longer wants your emails, the best outcome is a clean opt-out — not a spam complaint.
A properly implemented RFC 8058 setup shows mailbox providers that you respect subscriber choice, follow modern email standards, and take deliverability seriously.
FAQ
RFC 8058 is an email standard that enables one-click unsubscribe through email headers. It helps mailbox providers process unsubscribe requests safely and automatically.
Not always. A footer unsubscribe link is still important, but bulk marketing senders may also need RFC 8058 one-click unsubscribe headers to meet mailbox provider requirements.
Usually, no. One-click unsubscribe is mainly relevant for marketing, promotional, newsletter, and subscribed email messages. Transactional emails serve a different purpose.
It gives users an easy alternative to reporting emails as spam. Lower spam complaints can help protect sender reputation and improve long-term inbox placement.