emailOnce a gold-standard best practice, is double confirmed opt-in for email marketing programs now "outdated" and a "terrible idea"?

Email marketing veteran (and, full disclosure, personal friend) Bill McCloskey thinks so, and list a myriad of scenarios that can go wrong when marketers take this virtuous path.

I'm hardly unbiased when it comes to confirmed double opt-in. When the Federal Trade Commission (FTC) sought recommendations for CAN-SPAM legislation back in 2003, I testified in Washington on the virtues of confirmed double opt-in.

Plenty may have changed in email over the past six years, but not that part.

Let's look at Bill's fallacious arguments.

1. "What a terrible idea if you want to grow your list!"

Confirmed double opt-in lists may not be as big as their single opt-in brethren, but they're infinitely more valuable, just as a few nuggets of gold beat a pile of pebbles, hands down. The gulf separating open and response rates between these two species of lists is a vast one, as common sense would dictate. You want the biggest list you can get? Fine. Me, I'll take the best list I can get.

2. "With deliverability the way it is, there's no guarantee they will even see the confirmation email."

Right you are. And if they don't see the confirmation email, they're not going to see subsequent mailings, either. So get your delivery problems solved. This one's a no-brainer. Authenticate your server and sending domain, encourage subscribers to whitelist your "from" address. None of these steps are remotely connected to double confirmed opt-in, they're stand-alone, proven best practices.

3. The confirmation email "just might get lost."

See above.

4. "The email just might get flagged as spam by your email client and go directly into the junk file."

Please re-read the bit about asking subscribers to whitelist your sending address in their email client.

5. "It's tough enough out there. Why make things harder on yourself and your clients?"

Who said this was supposed to be easy? You want a big list? That's easy. Spam. Add every email address you can lay your hands on to your lists. Buy illegal software that spiders the web to capture unwitting email addresses and blast away. You'll soon have yourself a big, fat list - guaranteed.

But smart, ethical, dedicated marketers - the ones who want solid results from their campaigns - know size isn't the only thing that matters.

Rebecca Lieb

Published 12 February, 2009 by Rebecca Lieb

Rebecca Lieb oversees Econsultancy's North American operations.

Follow me on Twitter, or connect with me on Facebook.

160 more posts from this author

You might be interested in

Comments (11)

Save or Cancel


Nicely said on the deliverability rebuttal.  I am far from an expert on e-mail marketing, but that thought did occurr to me - if they don't get the confirmation, then what about the e-mails they signed up for. 

I can't say I'm a big supporter of double-opt in, I personally just find it annoying to have to log my email each time I sign up for e-mails, so some I have passed over for that very reason.  But it stands to reason it does make for a cleaner, more qualified list.

over 9 years ago


John Caldwell

I'm just curious as to how, in #5, SOI all of a sudden becomes harvesting....  Isn't that kind of a quantum leap?

I need to complete a Captcha to post here.  Why not promote that same process for subscribing to receive email instead of DOI?

over 9 years ago


Al Iverson

Rebecca: Great rebuttal. You're my hero.

John: You're missing the point. The point is that "the easy path" isn't the right one. If you want the easy way out, spam.

Nothing wrong with a captcha - but it doesn't validate the recipient's email address. Replying to a pro-DOI argument with "what about a captcha" is like replying with "what about cheese from a can?" It has nothing to do with email address validation.

over 9 years ago


Bill McCloskey


Nice article. To bad it is all wrong. First, if you think SOI is evil, about 99% of all retailers disagree with you. We've found consistantly that only about 1% of retailers do a double opt-in. And almost all of the ones that do, do it badly, as I showed in some of the examples I presented at the EEC. Also the vast majority of the audience agreed with me.

Maybe showing ID at the door of your favorite store would be a good idea as well.


over 9 years ago

Vincent Amari

Vincent Amari, Online Consultancy at Business Foresights Ltd

I fully support DOI as it makes common sense.

* Confirming deliverability

* Confirms in case of spelling errors

* Avoids prank sign-ups

over 9 years ago



@Bill, who says, "Maybe showing ID at the door of your favorite store would be a good idea as well".

I'm not sure why you think this is a good metaphor. A more correct one would be, "Maybe showing ID while paying with a check would be a good idea as well." That's a terrific idea - wonder why no one is doing that ... oh, wait ...

over 9 years ago


John Caldwell

@Al, I don't believe there is an easy way - or an only way....  You make a good point re: address validation. 

My Captcha comment carried over from the discussion over at ClickZ and is more appropriate for those worried about bots loading a list (like there's any money in loading someone else's list with junk, unless it's a competitive reason, but that's another story)

@Bill, So who's going to tell retailers that they have to scrap their abandoned order programs?  lol....  :)

@Everyone that keeps bringing CAN-SPAM into the conversation, cite where the Act even contains the words "double" or "confirmed" or stop bringing it up like it's germane. 

Those words are not found anywhere in the Act or subsequent Final Rule.  And "opt-in" is found only 3x in the Final Rule; once citing "FTC v. Opt-in Global"; once in relation to "Online Groups"; and the last as a footnote to reasonable period of time to process an opt-out request.

@All, isn't assuming that SOI is only about list size; equating SOI w/ harvesting; and equating all SOI as spam sound a little vigilante-esque?

over 9 years ago


Chris Lang

What a terrible idea, not using double opt in for these reasons.

First, any spam complaints are stopped dead in their tracks by double opt in documentation. Especially at SpamCop.

Second, let's say I am your competition. AND I am an unscroupulous bastard.

So I know you don't use double opt in. So I just go to your form and start entering emails that are real. I can use an old list, I can use the spam trap addresses I know of at Trend Micro.

Just like that your email list is history. Trend Micro will block you by URL and sending email address.

Gmail, Yahoo and Microsoft (who cares) will block you in a instant. Trend Micro will list you as a malicious site and block you in the browser.

Now your list is history, 60% of your traffic will never even reach your site, your reputation will be destroyed and you can go work at Circle K because your business is history. Bye Bye.

I know because Trend Micro blocked my site by accident. I went from making $4K a week to nothing, nada, NO INCOME. I was homeless two months later.

I lost my email list, my affiliates, my entire business and I have still not been able to build it back up.

All because of some malicious little Mother's basement dweller that knew how to manipulate Trend Micro. I could crush your business in a instant. So could the guy that got me.

BTW Trend Micro AV products are the #4 most sold piece of Windows software according to Cnet. They are huge. Sue them? They are a Japanese corporation. Go ahead, Let me know what Circle K you are working at, we can compare notes.

Still want to use single opt in???

over 9 years ago


John Caldwell

@Chris, Always remember, locks are for honest people.

One of the biggest mistakes kitchen-table and enterprise-level operations both make is list management.  List management isn't just segmenting for this, that, or the other thing; it's about collecting Time/Date and IP address of the subscription; it's about list hygiene; it's about Feedback Loops, and bounce logs, and all kinds of other things.

While I feel your pain, I'm guessing that you didn't pay attention to any of these things. 

Let me share a little something with you:

I worked for a $.75bn dollar company and generated about $30mm/annually through the email channel using SOI while maintaining a bounce rate of less than 1%, a fluctuating complaint rate rarely above the minimum acceptable rate, and with a 89-92% average deliverability quotent. 

If I'd have gone to my V or C-level management and told them that we needed to switch to DOI I'd have been thrown out.  If I'd have told my V or C-level management that our ESP insisted on DOI they'd have told me to find another vendor or take the $1mm we spent annually with our vendor and put that money into an in-house system.

Now I know that my real-world hands-on experience at the enterprise might put me at a disadvantage here, but email marketing isn't like elementary school soccer - not everyone gets a trophy....

over 9 years ago


Anonymous Legitimate Publisher

Having used Single Opt-In for a decade for a daily newsletter with mid-five figure subscribers, I second Bill and disagree with Rebecca. DOI is the kiss of death for anyone without the resources to spend mega bucks to build upto a critical mass. When people like Rebecca testify in Congress, they are doing so on behalf of the mega brands with the money to make double opt in work. For most businesses in the US, Rebecca's ideas would be poison, which is why SOI is the standard. Its time that folks online realized that there are two visions of operating on the web - one for large companies, and another for small companies. And guess what, the small fry are winning. The Rocky Mountain Post hit the dust today. Rebecca is near retirement and can afford to go down waving the flag of the conglomerates of the past. Those whose career is still in the future would be well advised to ignore her exhortations of DOI.

= Anonymous only bcos I fear retribution by big conglomerates represented by Rebecca.

over 9 years ago



Although I agree with this post in practice (I set up single optin lists for my clients), the biggest risk is a malicious competitor that puts a spam trap email into your optin box, and because you don't mail that spam trap and get your account crushed :(

So...again...I haven't had a problem with that, but I do know those who have, and it's a risk worth considering depending on relevant factors.

Just the two cents of someone that gets paid a lot to both setup, and teach, about email systems, design, architecture, management...yada, yada, yada :)


over 6 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.