Add support for One-Click E-Mail Unsubscribe Header


Well-known member
XenForo currently implements (automatic) unsubscribe via mailto in header List-Unsubscribe.
This allows users to easily unsubscribe from admin-emails by clicking the unsubscribe link in supporting email clients, this generates an email that XenForo can automatically process to unsubscribe the user.

RFC 8058: Signaling One-Click Functionality for List Email Headers is a specification that anhances the functionality of List-Unsubscribe by specifying another header that allows supporting clients to issue an authenticated HTTP POST request to unsubscribe the user instead of sending an email.

Using HTTP POST instead of email has several advantages
  • Depending on the client, sending an email might require additional user interaction (to complete and send the email) making it more complicated for the user
  • The current email-based automatic unsubscribe processing implemented by XenForo requires a dedicated mailbox
  • It requires the admin to configure this dedicated email account in XenForo
  • It requires the server to have the IMAP PHP extension
  • It requires the server to be able to make outbound connections to the server hosting the mailbox
  • Processing a HTTP POST request is much easier and more reliable than requesting & parsing emails via IMAP / POP3

So all in all this approach seems easier to setup, more flexible and more reliable than the existing implementation.

While support by mail clients is not (yet) that widespread it IMHO wouldn't hurt if this was supported :)
Last edited:
Upvote 7
This has been supported since XF 2.1:
@Chris D
Nope :)

XenForo implemented List-Unsubscribe with mailto; RFC 8058 requires List-Unsubscribe with a URL, an additional header List-Unsubscribe-Post and a valid DKIM signature inculding those headers.
Last edited:
Fine. Not sure we’d go down that route when the functionality basically already exists.

Either way; if you want to make a good suggestion, please provide more details in the first place. Most people won’t have time to read a full RFC spec.
Fair enough :)

I've updated the first post to include more information about One-Click unsubscribe (so a visitor reading this thread doesn't have to read the RFC to understand what this suggestion is about) and why I think this would be beneficial.
Top Bottom