Double-opt in. Why, how and when?

6 minute read

An interesting question regarding opt-in came up at last week’s Discovery Morning – to double opt-in or not?

Double opt-in is the process of asking a new subscriber to confirm their intention and their details when signing up to receive your emails. Although the name suggests it’s a two-stage process – there are typically 3 components to the double opt-in.

Double opt in

Here’s a nice example of double opt-in from ED London. First, the subscriber completes their contact details (typically on an online subscription form) and then clicks the call to action to submit their request.


The second stage is a confirmation, typically the send and receipt of an email, through which the subscriber is invited to review their submitted details and reconfirm their intention to sign up. You won’t want to administer this manually so this is best done using a simple marketing automation rule or auto-responder. Asking the subscriber to click on a supplied link is a common approach to verification.


Finally there’s usually an acknowledgement that the confirmation has been accepted and that the subscription process is complete. This could be another email, but where the opt-in confirmation is via a supplied link it’s also common to have this as a redirect to simple ‘all done’ online message – probably also a redirect to your main website where your new subscriber can continue browsing.


So, to the question. When should double opt-in be used?

Double opt-in is not a legal requirement of the permission process. The Data Protection Act and the recent European GDPR (General Data Protection Regulation) require that permission (referred to in these articles in terms of consent) is a free, unambiguous and affirmative choice, and that the reason for the data collection and the possibility to opt-out must be included. However although it may not be a legal requirement, double opt-in is generally accepted as good marketing practice for certain types of enquiry, especially for digital forms of data collection.

Sign me up

We generally recommend double-opt in for any subscription type of process, that is when an individual is signing up to receive ongoing emails from you. The confirmation process ensures that the form submission has not come from an automated web-bot, that the email address has been entered accurately (the send and receipt of the confirmation email ensures this) and that the intention to subscribe is truly understood an affirmed.

In all of these respects, double opt-in not only satisfies the legal requirements but also upholds the principles of genuine permission marketing. It’s also auditable. If push comes to shove and you are ever required to demonstrate or defend this subscriber’s permission status then the double-opt-in makes everything crystal clear.

Let me download

It’s a matter of opinion but we don’t generally use double-opt in for a straight forward download – for example the download of a piece of online content. In many cases it’s still valuable to capture some user information in order to access the download but it’s arguable that this is not a true subscription process – it’s just a one-off interaction.

In this case it’s common to see some other form of verification process – the Captcha is a good example. A Captcha is a challenge-response type of verification which is used to ensure that responses are human. By requesting a non-robotic action (for example the echoing of a displayed code or completion of a simple qualifying question) the Captcha verifies that the submission has been completed by an (Intelligent) human. Failure to respond correctly will stop the submission from occurring.

CaptchaOf course the Captcha doesn’t ensure that the submitted contact details (typically an email address) is genuine. Some download gateways include an inbuilt intelligence to detect valid email formatting but even so, if only genuine email address submission is acceptable then either offering the download details via an emailed link, or adopting a full double-opt in process will be needed.  In our experience it’s a two-way relationship – those genuinely interested in accessing valuable content will be willing to submit a minimum of identification. Setting up and reviewing a low key follow up ‘thank you – you might also be interested in this…’ type campaign reveals that deliberate submission of an incorrect email address is actually relatively rare.


Then there’s the final situation of the inbound enquiry. Like many businesses offering non-commodity type solutions, we encourage inbound contact by telephone or direct email enquiry.

However many also invite contact via a ‘contact us’ form. In theory the double opt-in process could also be applied to submission of this form but in practice genuine enquirers looking for a response will submit sufficient and accurate contact details. Double opt-in verification in this case is both unnecessary and potentially off-putting.