The Spamhaus Project


Confirmed Opt In - A Rose by Any Name

by The Spamhaus TeamAugust 11, 20085 minutes reading time

Closed Loop Confirmed Opt In is the full technical term for the best opt-in subscription practice around. But whether you call it Confirmed, Verified, Double or any other adjective it still means the same thing: "Hey you! Subscriber! Is this really you who signed up for this list? Unless you respond, we won't send you more mail." The subscriber's response completes the loop and confirms their desire to start receiving that bulk e-mail stream.

Spamhaus has always advocated the policy of Confirmed Opt In (COI) for bulk e-mail subscriptions. COI prevents unwanted subscriptions due to forgeries and typos, and provides an auditable trail of accountability which supports the list's opt-in integrity if a recipient reports the mail as spam. COI isn't a cure-all for all list problems; some other tips on bulk e-mailing are in our Marketing FAQ. Lists still need working unsubscribe mechanisms and bounce processing to keep the list itself clean, sending servers still need correct configuration and many other techniques are involved in order to achieve optimal e-mail delivery. But for the important initial step of address acquisition, COI provides a very reliable tool to prevent unwanted addresses - and spamtraps - from polluting the list and causing delivery problems.

Most ISP Postmasters suggest COI as one of the important ways to ensure good delivery to their customer's mailboxes. Many ESPs and other bulk mail services likewise recommend COI to their clients. This piece will point to some of those recommendations as well as links to a few other resources supporting COI.

Let's start with a recent (30 July 08) piece of advice from Yahoo! which says "We recommend commercial e-mail senders ensure they're sending mail that Yahoo! Mail users want to receive. This means following recommended practices like confirming - and even periodically re-confirming - that users want to be on their mailing lists and proactively removing anyone who doesn't read their mail." Yahoo has previously posted "...use confirmed, opt-in email lists. To do this, after you receive a subscription request, send a confirmation email to that address which requires some affirmative action before that email address is added to the mailing list. Since only the true owner of that email address can respond, you will know that the true owner has truly intended to subscribe and that the address is valid." (noted on Aweber's page, below [3])

Next let's look at what Google ( says:

"Each user on your distribution list should opt to receive messages from you in one of the following ways (opt-in):

* Through an email asking to subscribe to your list.

* By manually checking a box on a web form, or within a piece of software.

We also recommend that you verify each email address before subscribing them to your list."

There's lots more good advice for bulk mailers on that page, too.

Microsoft (,, publishes guidelines for sending bulk mail to its network. It specifically references MAPS Guidelines for proper mailing list management which has supported COI since MAPS earliest days: "New subscriber's email addresses must be fully verified before mailings commence." MAPS' page provides further guidelines for proper principles and methods of maintaining clean opt-in lists, and Microsoft's page links on to much more information for bulk mailers, including their feedback loop.

Many years ago, Tom Kulzer's ESP ran into a bad patch of spammers. He quickly learned that COI was an invaluable tool for his customers to keep their lists clean and he remains an advocate of COI to this day. Among his many pages with helpful tips to list owners, he talks about COI on at least three pages ([1], [2], [3]). Tom cites a variety of well-known brands which employ COI including CNN, Microsoft, Oprah, CNet,,,,,,,,, and That's just for starters.

DigitalRiver, a large e-commerce service provider with several ESP brands in their company, publishes a "How To" guide encouraging their clients to confirm subscriber addresses: "Why do it? This greatly reduces spam complaints against the resulting mailed list; as there are no instances of bogus/invalid email addresses on the list that shouldn't be there, and nobody can successfully sign up an email address other than their own. As a result, any spam complaints received later are refutable; they are the result of somebody who wants to unsubscribe, forgot that they subscribed, or decided to send a false complaint. With a double opt-in process and associated tracking data, you can prove to ISPs and anti-spam groups that the mail was solicited and that your mail is not spam."

Sometimes, for various reasons, a list needs a "permission pass" in order to clean out non-responsive or improperly permissioned addresses. Here is an account by a subscriber to's list about how they employed such a strategy to retain and engage high-value subscribers while decreasing list size and related complaints, thus ensuring both good delivery and good business.

Note: This post is not an endorsement of any of those service providers. It is simply a collection of pointers to Confirmed Opt In recommendations. If you have a page recommending COI, we might be able to link to it, too.

2008-09-09: Ken Magill at offers advice on COI to marketers: "And there's a lesson here for marketers: They should stop kidding themselves and use so-called double opt-in--or fully verified opt-in, or closed-loop opt-in, or whatever you want to call it--in their e-mail list-building efforts, or they shouldn't be surprised when they end up with a lot of crap addresses."