Why does /audit return in ~3 seconds?

We read DNS and key email header fields only, use parallel resolvers with 2s timeouts, and return structured results with suggestions.

What is Proof‑of‑Scan?

We hash canonical JSON (sha256) and provide a Verify endpoint to recompute via multiple public DNS resolvers and compare hashes.

Do you store email bodies?

No. We never store bodies. We parse headers only, delete .eml right after parsing, and keep PDF/JSON for evidence.

Unsubscribe UX vs deliverability

A visible, frictionless unsubscribe reduces complaints and throttling risk. RFC 8058 One‑Click is a strong trust signal: clients can offer native UI to unsubscribe without abuse.

Verify headers

Check presence of List‑Unsubscribe and List‑Unsubscribe‑Post: List‑Unsubscribe=One‑Click. Automated checks should not dereference URLs.

Design guidelines

Put an unsubscribe link above the fold and in the footer
Use a single‑step HTTPS endpoint (no login); idempotent POST
Confirm opt‑outs immediately; show clear status

Anti‑abuse

Rate‑limit and token‑protect endpoints
Disallow non‑https schemes (e.g., file://, gopher://, 169.254/metadata)
Never follow unsubscribe links in bots or monitors

Unsubscribe UX vs deliverability

Verify headers

Design guidelines

Anti‑abuse

Next steps