Double opt-in: For and Against

Double opt-in, confirmed opt-in, email address verification, whatever you call it -- nobody ever universally agrees on whether or not you should do it. I see a lot of people in the anti-spam community try to recommend it based on their feelings. They relate specific experiences where a company annoyed them by not confirming subscriptions. Interesting, but it doesn’t always speak to senders in the language they need to hear. Unhappy anecdotes don’t provide the necessary info to convince marketers, who generally work by way of a data driven decision making process.
  • What makes response rates go up and down?
  • What’s the risk of not doing double opt-in?
  • How does it actually correlate to lost sales or lost revenue opportunity?
“Because you’ll get blacklisted” is often thrown around as a reason to do double opt-in. The simple fact of the matter is, that’s not a good enough answer any more.

A lot of blacklists will list you only for not doing double opt-in. Does it hurt? If they list you, you’re cut off from only the list’s users, and the more draconian lists that do that are generally very lightly utilized, having absolutely very little effect (if any) on deliverability and email performance. If you can’t measure it, it doesn’t matter.

Reading around today, I ran into this: Two marketers, talking about double opt-in. One making the case for, and one making the case against. Both, actually, have some valid points, and are worth checking out.

It’s nice to see that in some instances, a double opt-in model can be shown to improve ROI. This is important data that more anti-spam groups and double opt-in advocates need to collect and publicize. It speaks to marketers in their own language.

It’s also true that double opt-in isn’t perfect, from a marketer’s perspective. Not everybody can figure out how to confirm, no matter how easy you make it. And, confirm emails get eaten by bad spam filters sometimes, just like regular emails.

With all of that in mind, can you make double opt-in work for you? Have you tested it recently? If so, what were the results? If not, what about it didn’t work for you?


  1. Al -

    Magill says that "one e-mail service provider recently found its messages blocked by a major Internet service provider because of the very confirmation process designed to prevent spam." Obviously incorrect - the messages would have been blocked if they were single opt-in, double opt-in, or no opt-in at all.

    Magill's complaint is that a bot used a spamtrap address to repeatedly sign up for the mailing list, and that the confirmation email therefore went back to the spamtrap.

    But it stopped there. At least, if the confirmation process worked right, none of the marketing email ever got through to the spamtrap, and if the ISP were to look at the incoming messages it would have been obvious that they were confirmation messages.

    Now consider if the list hadn't been confirmed opt-in. Instead of a confirmation message going back to the spamtrap, the marketing piece would have come to the spamtrap address, and kept on coming. So if anything, more email would have been sent to the address. And rather than confirmation messages, it would be marketing pieces. Certainly it would be harder to talk your way out of sending those to a spamtrap.

    Magill's logic is, as usual, off the mark.

  2. Tim, I see where you're coming from.

    But, very few senders are choosing to do COI/DOI. I am eager to get more to do it, but I, like many other people in positions like mine, need more ammo. There are plenty of senders doing things right, staying out of spamtraps, and who aren't doing COI/DOI. That's because it's not the only way to keep spamtraps off the list, though I agree that it's a very good way.

    What we need is more business reasons to do it.

    And we need filters and blocking tools that are smart enough to exempt confirmation requests from false positives. And then exempt the resulting mail from false positives. That really is a huge thing one has to deal with as a DOI/COI list manager -- I've been down this path before. Back in the day, my confirmation request IP used to regularly get listed by Spamcop, for example. And poorly designed spam filters and DNSBLs don't treat double opt-in mail as differently as some claim or pretend to do.


Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.