DELIVTERMS: the ongoing series here at Spam Resource that helps you decode those pesky deliverability acronyms and technical terms. Today we're going to talk about COI and DOI.

Confirmed opt-in (COI) and double opt-in (DOI) are two different terms that effectively refer to the same process. COI/DOI refers to the process of confirming email addresses in a specific way. It works like this:

  1. A person who wishes to sign up for your email list enters their email address into your signup form.
  2. You then send the recipient a confirmation email.
  3. The recipient must click on the link in that confirmation email to finish the signup process (and you don't consider the person fully subscribed to your list until that person has clicked on the link in the confirmation email).

It requires that active final step from the recipient before that subscription request succeeds. What you're doing here is ensuring that the person in question can actually receive emails from you, AND logging a positive response -- the click -- that shows you that they want to receive your email messages.
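The three steps above as a minimal sketch, added here as an example and not taken from the original post or from any particular email platform. The function names, in-memory stores, signing key and 7-day link expiry are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing key
TOKEN_TTL = 7 * 24 * 3600             # assumption: confirm links expire after 7 days

pending = {}        # email -> timestamp of the outstanding confirmation request
subscribed = set()  # only addresses that completed step 3 ever land here


def _sign(email, issued):
    """HMAC over address and issue time, so a token cannot be guessed or reused for another address."""
    return hmac.new(SECRET_KEY, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()


def request_signup(email, now=None):
    """Steps 1-2: record the request as pending and return the token for the confirmation link."""
    email = email.strip().lower()
    issued = int(time.time() if now is None else now)
    pending[email] = issued  # a repeat request replaces the older token
    return f"{issued}.{_sign(email, issued)}"


def confirm(email, token, now=None):
    """Step 3: subscribe only if the clicked link carries a valid, unexpired token."""
    email = email.strip().lower()
    now = int(time.time() if now is None else now)
    issued_str, _, sig = token.partition(".")
    if not (issued_str.isascii() and issued_str.isdigit()):
        return False  # malformed token
    issued = int(issued_str)
    if pending.get(email) != issued:
        return False  # no matching pending request (never asked, or already confirmed)
    if now - issued > TOKEN_TTL:
        return False  # link expired; the address stays unsubscribed
    if not hmac.compare_digest(sig.encode(), _sign(email, issued).encode()):
        return False  # signature mismatch: guessed or tampered token
    del pending[email]     # one-time use
    subscribed.add(email)  # log the positive response
    return True
```

Entering someone else's address into the form only creates a pending entry; without the token from that person's mailbox, `confirm` never moves the address into `subscribed`.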

This is strongly positive from the perspective of deliverability (and spam prevention). Confirmed opt-in / double opt-in leaves you with a cleaner list. Fewer of your email messages will bounce due to invalid addresses. You're very likely to see fewer spam complaints about your mail, as it is nigh impossible to forge-subscribe somebody to a double opt-in list.

What's the downside? The only downside is really that until the potential subscriber completes the confirmation step, you can't really consider them a subscriber. They won't end up on your list. And if they're not savvy enough to know to watch for the confirm email and click on the link, they'll perhaps think they're signed up, when they're not. Confirmation emails can get blocked, missed, or ignored. It happens.

Should you implement double opt-in? Not everybody does, but I strongly recommend it, especially for smaller senders. In 2023, an anti-spam blocklist seemed to specifically start hunting for spamtrap hits from customers of certain email service providers that service small senders. It can lead to tough problems that small email senders, especially non-technical ones, will want to avoid at all costs. I've talked a bit more about that here.

Is it called double opt-in or confirmed opt-in? Historically, people involved in spam fighting, running a blocklist, or involved in other "anti-abuse" measures would call it confirmed opt-in. Almost everyone else calls it double opt-in. Some people take umbrage if you use the wrong term, but the point, in my opinion, should really be about the practice, and I believe it to be a waste of time to argue about the name. More on that here.

How do you implement double opt-in? If you're building an email platform and want to implement double opt-in, here's a how-to guide that I wrote way back in 2006, and it is still pretty much useful and accurate today.

Some people claim that double opt-in is required in Germany. Is it? I've written more about that here.
