Why does /audit return in ~3 seconds?

We read DNS and key email header fields only, use parallel resolvers with 2s timeouts, and return structured results with suggestions.

What is Proof‑of‑Scan?

We hash canonical JSON (sha256) and provide a Verify endpoint to recompute via multiple public DNS resolvers and compare hashes.

Do you store email bodies?

No. We never store bodies. We parse headers only, delete .eml right after parsing, and keep PDF/JSON for evidence.

One‑Click unsubscribe (RFC 8058) — practical guide

Gmail/Yahoo bulk sender rules expect a frictionless, one‑click unsubscribe. This page shows a minimal, secure implementation and how to verify compliance without triggering live endpoints.

Add the headers

Add both headers and keep the HTTPS endpoint simple and idempotent.

Required headers

List-Unsubscribe: <mailto:unsubscribe@example.com>, <https://example.com/u/12345>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

List-Unsubscribe may include both mailto: and https:
List-Unsubscribe-Post must be List-Unsubscribe=One-Click exactly

Security guardrails

Never auto‑request unsubscribe URLs in background jobs
Allow only https:// scheme; block file://, gopher://, http://169.254…
Short‑lived tokens bound to user and list; rate‑limit and log
Return 200 on success without extra clicks; support CORS for in‑client handling

Verify and document

Our audit only checks presence/syntax (never dereferences). Save a PDF evidence pack with scanId/sha256 and Verify link for reproducible proof.

One‑Click unsubscribe (RFC 8058) — practical guide

Add the headers

Required headers

Security guardrails

Verify and document

Next steps