You can make valid HTTP requests but go against the design of HTTP. I'm focusing in my answer on correct HTTP design.
First, when you do a GET requests, you always receive a representation of a resource. Even if a URL represents something like a 'collection of resources', there is no strict definition of this in HTTP. That list of resources can still represent multiple 'entities' coming from your data-model.
So a call to /users can return multiple user-entities.
Similarly, a DELETE to users could mean that you are deleting the entire /users collection and everything in it.
One issue that I see, and don't have a great answer on is that you're using the the query string to delete multiple resources. I think this is fine for GET / HEAD, but I question whether it's correct for DELETE as well. It definitely feels a bit 'weird' to me because I feel that a DELETE on /users?foo=bar should delete /users and commonly it will due to how most frameworks work. Should it? I'm actually not sure. REST is not strictly a standard so we can't go and find answers there, so all I got is that it 'feels wrong'. I realize that you're not strictly asking for REST, so from a strict HTTP perspective it's definitely ok.
However, you could structure your urls to not look like:
/users?id[]=12&id[]=4&id[]=65
but instead something like this:
/users/12,4,65
I've seen others do this, and it feels a bit less wrong to me. But this is mostly conjecture.
Regardless if you do a DELETE on multiple entities like that, the request should either succeed or do nothing at all. Partial success is not accepted, so you can just use the usual 200/204 response codes to indicate a successful delete.
