Does Germany require COI/DOI?

What is COI/DOI? It's just address validation and permission verification -- you send a welcome or verification message and the recipient has to click on a link to prove they want the subscription. And it's not a new thing, here's me talking about it on this very blog fifteen years ago.

Note: I think the terms "double opt-in" and "confirmed opt-in" are interchangeable. I find that most of the time, internet security and anti-spam folks call it COI, and marketers and some deliverability folks (like me!) call it DOI. When doing so, they refer to the same process of requiring an active response to the initial welcome or verification email.

There are a lot of good reasons to implement COI/DOI, but today's specific question is -- does Germany "require" it? Ultimately this is a legal question, and I'm not a lawyer, so I'm not qualified to answer legal questions. But I can share and link to what other folks have said on this topic, so that's what I will do.

First, Litmus has this excellent article on international opt-in requirements that they published in 2016. They say: "German courts have decided that a single opt-in process is not sufficient proof of prior consent. They argue that  a person other than the owner of an email could have entered the address in a form. Even though there is no law that explicitly requires a double opt-in in Germany, 45% of German brands have adopted this process as best practice—just to be on the safe side."

I am told that the case law referenced in the Litmus article is a good place to start for understanding where the COI/DOI requirement comes from. If you can speak the language, I suggest diving into the linked Teradata case study for more information.

This 2012 article from the German E-Mail Marketing Tipps blog may be getting a bit dusty, but suggests a similar answer: "Double opt-in is not legally mandated in Germany. But it is recommended in many scenarios. Without a well-documented DOI you may not be able to prove permission, depending on the judge."

This Lexology article from 2014 says, "2013 guidelines advise a double opt-in for consent provided electronically."

The Certified Senders Alliance, a centralized European whitelist provided this brief guidance in 2017: "DOI: if not now, then when?!" For more detail, this CSA/ECO guide (see section 2.10) provides additional guidance.

German law firm "IT-Recht Kanzlei" who seems to focus on IT law, published this guidance in August 2018: E-Mail-Marketing 2018: What changes in the DSGVO regarding newsletters?

And finally, what do ISPs say? Here's one example of a reply from a German-based ISP that a friend was kind enough to share with me. The ISP said, "As you surely know the sender needs to have recipients Double-Opt-in/Closed-Loop-Opt-in confirmed before mailing to German residents to comply with the German Bundesdatenschutzgesetz."

Got any additional information or links to share? Feel free to leave information in comments below.

How to Recover from Email Marketing Mistakes

Whoops! Email launch error. Wrong content? Wrong list? Broken images? Exposed mail merge variables? What do you do? Litmus's Chad White helps you break it down with a series of simple questions.

The future of email?

From Dot Magazine: Email has been around a long time now, but it’s still got a lot of life left in it. Marcel Becker from Oath explains how email will evolve in the future.

(Oath, if you don't recall, is the company managing the AOL and Yahoo Mail platforms.)

H/T: Anthony Chiulli.

Reference: All AT&T Email Domains

AT&T has a Postmaster site, but it doesn't contain a comprehensive list of their inbound email domains. However, they do have a help page for AT&T users looking to configure their email client, and it does list all of their inbound email domains.

From that help page, here is a list of all AT&T consumer email domains:

AT&T users used to be able to read their mail via Yahoo Mail's web user interface, but this seems to no longer be an option as of sometime in 2016-2018. Thus, in the past, AT&T and Yahoo filtering might have been related (especially spam folder delivery), but I think that is no longer the case.

Special thanks to reader Laurence Marks, who provided much of this information in a past comment. Thanks!

Are any domains missing? Leave a comment with corrections, feedback or questions.

Sender ID? No, don't bother.

Back in 2016 I pointed out that Sender ID no longer matters. It's still true today!

Indeed, the RFCs for Sender ID are being moved to "historic" status -- indicating it's not an active standard.

Howto: Create a Gravatar brand icon

Recently I talked about how to make your brand image icon show up when sending to Gmail recipients. Today I'll talk about how to do the same for a different set of smaller ISPs and email clients.

Gravatar is a system owned by the folks behind Wordpress that allows you to upload an image or photo that is then linked to an email address. The primary use of the system is to show user icons for commenters on Wordpress blogs, from what I can tell.

An interesting secondary use is to use this "Gravatar" image to represent the sender of an email message in an email client. Email client and ISP support for Gravatars is not broad. According to this article from Zendesk, support for this is specific to users of Airmail, Sparrow, Postbox, and the Thunderbird email client. And I am led to believe that Thunderbird support requires a plugin.

However, signup is easy, so why not do it? It'll extend your brand image reach just a little bit further, with only a little bit of work.

Here's how to do it:
  1. Go to
  2. Click on the "Create your own Gravatar" button.
  3. Enter the email address that your brand or company uses to send emails from.
  4. Choose a username. This must be unique. Don't be funny here, as it may later show up in some other place that we don't expect.
  5. Choose a good password, and don't lose it.
  6. The Gravatar system will send a confirmation email to the address you specify. After you receive that email, click on the "Activate Account" button within. The message comes from
  7. After you click on the activation button, you are returned to the website. Click "Sign In" to log back in to
  8. You'll land on a "Manage Gravatars" page. It'll say, "Whoops, looks like you don't have any images yet! Add one by clicking here!"
  9. Click on the "click here," click on "Upload New," and click on "Choose file" to select your image.
  10. Click "next." You'll be led to a screen where you can crop the image, if desired. Click on "Crop Image" to continue.
  11. "Set rating" for your Gravatar image. Is it safe for all? Then select "G" rated and submit.
  12. You now have a Gravatar image uploaded.
That's it! You're done, and your Gravatar image should display alongside emails from you, when sent to recipients who use any of those handful of ISPs or email clients.

I suppose that if your social media brand ambassador ever decides to respond to comments on Wordpress blogs, you'll be covered there as well.