We are often asked by volume email senders just why we urge people to use confirmed opt-in (or “double opt-in”) whenever possible. After all, they know that they are being ethical and only adding to their mailing lists people whom they believe really want their mailings.
Why should they have to go through the added “hassle” of using confirmed opt-in? Why should they put their recipients through that hassle? (Yes, some senders have actually convinced themselves that users would rather be put on a mailing list without their permission than have to go through the “hassle” of clicking on a link to confirm their interest.)
It makes sense that squeaky clean, legitimate email senders would wonder about this. If you are keeping meticulous records of the date, time, and location that someone requested to be on your mailing list – if you are even recording the IP address from which the request originates – why should you go that extra step, and require confirmation?
It’s the only way to prove your innocence to a claim that you spammed someone – it’s the only way to prove it to the ISPs and spam filters who will have to look at your word versus the the word of their own user who claimed that you spammed them.
Example #1: Let’s say that this morning I go to some random site, and sign your email address up for all 43 of their newsletters. Your inbox gets flooded, and you complain that they are spamming you. They produce records showing that on July 30, 2009, ‘you’ signed up for those newsletters from IP address 220.127.116.11. Only, of course, you didn’t. And if they had required confirmation, the situation would never have happened.
Example #2: Someone who has it in for John Doe goes to your web site and signs John Doe up for all of your newsletters. John Doe complains to your ISP, to their ISP, and to SpamCop. Now you are trying to prove that John Doe really signed up. Only you can’t prove it, and so your ISP, his ISP, and SpamCop now have you on their radar as, at best, someone whose system can be abused to cause someone else to be spammed – at worst, someone who is intentionally spamming and lying about the opt-in information (single opt-in info can be easily spoofed – whereas it’s basically impossible to spoof a confirmation that required someone at the target email address to respond to something that was emailed to that address, such as following a link or replying to an email).
Example #3: Someone who has it in for you goes to your site and signs up an anti-spammer, or someone who runs an ISP or spam filter blacklist, for one or more of your newsletters. The anti-spammer/ISP person knows darned well they didn’t sign up for your newsletter – you are spamming them – and you get blacklisted. And you can’t get unblacklisted because in fact you are spamming them – you’ve been set up (yes, this really happens).
These are but three examples – real life examples – of how not using confirmed opt-in can cause you serious problems.
So, do you have to use confirmed opt-in?
Only if you want to be sure that your email gets through.