The Spamhaus Project


Mailing Lists -vs- Spam Lists

Explore the nuances between Solicited Bulk Email and Spam, uncovering the importance of Confirmed Opt-In (COI) practices. Understand how COI safeguards against spam accusations and enhances email list performance.

by The Spamhaus TeamJanuary 29, 20243 minutes reading time

Jump to



Solicited Bulk Email is an important mechanism for keeping consenting customers informed of products or service-related news. When Bulk Email is solicited, it is valuable to the recipient: when it is unsolicited it is purely spam, an unwanted and unwelcome nuisance to the recipient which unfairly forces the recipient to assume the cost of receiving, storing and removing the unrequested email.

The difference between senders of legitimate bulk email and spammers could not be clearer. The legitimate bulk email sender has verifiable permission from the recipients before sending their email, and the spammer does not.



All bulk email sent to recipients who have not expressly registered permission for their addresses to be include in the specific mailing list, or which requires recipients to "opt-out" to stop further unsolicited bulk mailings, is by definition Unsolicited Bulk Email, a/k/a "Spam".

Unconfirmed Opt-In

If an opt-in request is not confirmed, it can not be verified. The sender has subscribed the address to a mailing list without verifying if the address owner has in fact granted permission for that action, or not: in many cases, the senders have harvested or purchased/rented the address from another spammer and "opted it in" themselves.

Unconfirmed Opt-in means that anyone can subscribe any address to a mailing list regardless of whose it is. For example, anyone can use "" to subscribe, and according to the list owner, the President has then 'opted-in'.

Unconfirmed Opt-in is an excuse for spammers to harvest or buy lists, and claim they have "permission" where there was none granted. This is why Unconfirmed Opt-in lists are known as "dirty lists" in the respectable bulk email industry, and as "Block the sender on sight" lists in the anti-spam industry.

In the event of a "spam" accusation:

The sender has no verifiable proof that the recipient gave permission to be placed on the bulk mailing list, and is therefore liable for having sent Unsolicited Bulk Email a/k/a Spam. Action can be reasonably be taken against the sender. The sending of Unsolicited Bulk Email is against the Terms of Service of all ISPs worldwide, against the the Terms of Service of all reputable ESPs, is illegal in many countries, and is against Spamhaus SBL policy.

Legitimate Bulk Email

"Confirmed Opt-in"

Known as "COI" or "Double Opt In" in the legitimate bulk email industry, it can also be referred to as "Verified Opt-in" or sometimes "Close Loop Opt-in".

When using COI, the recipient has verifiably confirmed permission for their email address to be included on the specific mailing list by confirming (responding to) a list subscription verification request that is sent at the time of the sign-up. This is the gold-standard best practice for all responsible bulk mailing & marketing firms.

Using COI ensures that users are properly subscribed using a functional email address with the address owner's consent, protects against hitting spam traps, and improves inbox placement.

In the event of a "spam" accusation:

The sender is fully and legally protected because the address owner's affirmative response to the subscription verification request was received, and proves that the address owner did in fact opt-in and grant verifiable consent for the mailings.

This simple protection means that the sender can not be legitimately listed on any 'spam' blocklist, or legitimately terminated for spam complaints by an ISP since he has an actual email from the address owner confirming the subscription.

"COI: a way to turn a horribly performing bloated list that demands a specialist ESP to mail and manage, into a high-performing list that a small business with a one-man IT department could handle." - Bill Cole