Do you double opt-in? And should you, in 2023?

Double opt-in (also called "confirmed opt-in") can help to prevent list hygiene problems, but some people are dead set against it. I'm not going to change their minds. I'm not even going to try to. But I've seen some changes at Gmail lately that lead me to think that I'm doing the world a disservice if I don't at least warn you: If you're a small newsletter publisher or small marketing sender, if you're anyone using an SMB-focused or shared resource focused email sending platform, you're putting yourself at risk by not employing double opt-in.

Recently, a number of us in the email deliverability space started to hear that a bunch of smaller email senders, ones that were otherwise doing just fine yesterday, were suddenly finding their mail going to the spam folder in Gmail mailboxes today. Diving into it, this was all specific to a certain email provider, and was affecting a specific subset of that provider's clients. Not all were affected, but I would guess that a "healthy" number of their clients were affected. 

Why? What actually happened? 

You have to strain to read between the lines to decode this one; as far as I can tell it boiled down to: Gmail has a new (additional) data source for spam filtering, that data source is fairly aggressive when identifying mail to spam trap addresses, and those affected all seemed to (A) be a client of that particular sending platform and (B) not employing double opt-in. At some point later on, the changes were rolled back – hurray, things went back to normal! Except, I have strong suspicion that this rollback was only temporary, and that there's a good chance that things will go back to bad (for those email senders) at some point in the future.

I'm dancing around a bit here, and using reasonable guesses to fill in some of the blanks. But the TL;DR version of this is as follows: if these small/small-ish senders had utilized double opt-in from the start, they would not have run into this Gmail issue; AND there's a chance that this issue could and would recur, if not tomorrow, but some day. The target could again end up being the same – small/small-ish senders who haven't implemented double opt-in. And if the change becomes "the new normal," crawling back out of the inbox, to the spam folder, will not be fun at all.

Why would anybody target these senders in this way? I'm not sure the affected senders were necessarily targeted; it's entirely possible that their "spamtrap hit counts" (i.e. number of email messages to bad addresses) had risen high enough to be noticed by those tracking and filtering spam.

And just like I mentioned before how some marketers get really unhappy when you talk about double opt-in, on the other side of things, there are anti-spam groups, blocklists, and people running filters who think that ALL bulk mail should be double opt-in – double opt-in or don't send at all. What you don't want is to get caught in the middle of an argument between an email send platform (who might not require double opt-in) and a spam filterer (who is effectively attempting to mandate it). 

Let's TL;DR the TL;DR: If you just turn on double opt-in now and don't worry about it, you side step all of this nonsense. All of these concerns become somebody else's concerns. Any sort of "fight" about whether somebody deserves to be blocklisted, or go to the spam folder at Gmail, none of this will affect you. And that's why, at the end of the day, I think it's time for certain types of senders to implement double opt-in.

It's a specific pain and a specific risk; but I think I just watched it happen once already in 2023 and I think it's a fair bet to say that it'll happen again someday soon.

Wondering how to implement double opt-in in your email send platform? Many providers have that functionality built in; ask support for guidance and check the online docs. Here's info from MailchimpConvertKit, and Constant Contact, for starters.

Double opt-in is not new; I've been talking about it for years (and using it myself since late 1998). Not everybody confirms addresses in this way; and not everybody has to. Mention double opt-in to some folks and they'll turn red, get very angry, talking about unconfirmed opportunities and missed subscribers. Sometimes people don't complete the confirmation step. Sometimes the double opt-in email confirmation gets trapped in a spam filter. But also, sometimes the confirmation email is just going to a bad address; could be invalid, could be a spamtrap, and thus, there's no human on the other side of that mailbox to verify their existence for you.



  1. Anyone who is concerned about missing opportunities during sign-up by requiring DOI: Just implement a two-phase process:
    1) collect the email address, which remains functional, but "unverified" until a DOI email is clicked.
    2) you have a fixed period of time to verify your email address by clicking the original DOI email, or by resending a verification email


Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.