How much discrepancy is normal between email signup and double opt-in confirm?

[Nat]

I've got Thrive leads installed and it's linked up with an API that sends out a double opt-in confirmation. I've been comparing the number of emails thrive is reporting to the number that are showing up as double opt-ins. It's almost 50%. That seems outrageously high to me.

 

[eliquid]

Ive seen numbers like that before, so Im not sure its high.

It could be based on your industry.

Why do you want to do double opt-in?

 

[CCarter]

Why do you want to do double opt-in?

So random people don't put in spam@FBI.gov and then you start automatically sending unsolicited email newsletters without confirming that spam@FBI.gov actually signed up by clicking the confirmation link in the email that's sent during the double opt-in process.

It's almost 50%. That seems outrageously high to me.

If you are saying by 50% that out of 100 sign-ups only 50 of them end up confirming the double opt-in, then yeah that does sound high, but it could be that you are using a lead magnet that's more enticing than people actually willing to sign up for your brand's newsletter. I would say at most 10-20% of the people don't confirm the opt-in, but again that depends on your niche/industry and whether your emails are even arriving to the users' inbox for them to confirm (and not going to spam cause of a poor spam score).

 

[eliquid]

So random people don't put in spam@FBI.gov and then you start automatically sending unsolicited email newsletters without confirming that spam@FBI.gov actually signed up by clicking the confirmation link in the email that's sent during the double opt-in process.

Yeah but these are generally caught in good mail list systems already that either know these are roles based emails or spam traps and generally don't get/stay in lists if they are well managed. The well known ones that is. Even if you are managing yourself, you can purchase list cleaning services or integrate with ClearBit, etc to validate if real to an extent some.

Note: The paragraph above is only about spam traps or honeypots or known role based emails.


In this day and age though, if you did get a real fake email ( not a spam trap or role based email ) and send out, you'd know in the first few emails when the open was 0 or the clicks were 0. Someone that signs up is going to want to open and click your first 3-4 emails. If you haven't achieved that, your system should be kicking them out automatically because of false signup or some tech issue. Either way, it should be kicking it out for you OR you should be cleaning it out yourself if you don't have that.

I'm seeing a lot of big emailers ( aka guru coaches and such ) not double verifying and their emails are coming in very well. I actually have a whole other dedicated email address I use just for this purpose ( study gurus ) so I can study their pitches, funnel flow, list segmentation, and volume.

Double verify just seems to be going out the door to me.

 

[CCarter]

I'm seeing a lot of big emailers ( aka guru coaches and such ) not double verifying and their emails are coming in very well. I actually have a whole other dedicated email address I use just for this purpose ( study gurus ) so I can study their pitches, funnel flow, list segmentation, and volume.

Double verify just seems to be going out the door to me.

That's not CAN SPAM compliant. What would stop me from entering one of my enemy's emails into massive amounts of newsletters and then all of a suddenly my enemies are getting bombarded with newsletters because of an automated system I setup and threw them in? That's why you double verify - that's why all major mailing list services require that. If people are actually not confirming the emails on their lists - that's just not compliant or even smart.

 

[eliquid]

That's not CAN SPAM compliant. What would stop me from entering one of my enemy's emails into massive amounts of newsletters and then all of a suddenly my enemies are getting bombarded with newsletters because of an automated system I setup and threw them in? That's why you double verify - that's why all major mailing list services require that. If people are actually not confirming the emails on their lists - that's just not compliant or even smart.

I think there might be a mix up.

CAN SPAM has nothing to do with double opt-in. No law actually states it is needed.

In the US, you don't even need prior consent to collect the email.

Prior consent is actually a EU/International law, but not in the US. Prior consent can be a lot of things though like signing up for free whitepaper or trail at a SaaS like Moz and not double opting in.

Lots of ESP's don't require you to do double opt-in but have the feature ( Aweber use to be one, Mailchimp, etc ). I don't think they would willing want people to break laws on their platforms though by offering single opt-in on new lists if it was required by CAN SPAM.

If we had to prove double opt-in, many people would not be able to send out via Mandrill or Amazon as there would be no proof for the requirement to start sending out on that platform.

Double opt-in is not required on many ESPs/Platforms and also not a CAN SPAM regulation.

Maybe there is a mix up in what we are saying to each other, but its not in the laws.

Some people like to make sure, but as long as you can show proof of the signup in your system along with a timestamp and IP address, that's going to pass for a lot of things.

The law wasn't written to really cover a competitor trying to fill your email box on fake signups ( that would have a timestamp and IP ), but to cover email marketers that open a Mailchimp account ( or ESP service ) and dump in 200,000 emails scraped from Google or shared from someone else ( like a torrent ) where no proof of signup happened ( timestamp or IP ) and then blasted out. Could you fake the timestamp and IP? Sure. But like an law its has it's loopholes and such.

Gray areas, yeah gray areas I know. But if you dig into the law, that's pretty much it.

 

[CCarter]

CAN SPAM has nothing to do with double opt-in. No law actually states it is needed.

You're right it's not CAN SPAM explicitly. But it is the laws in Europe, Canada, and presumably other places. I always assume marketers are going to operate internationally by default - that's my fault on that one. However even if I was only targeting the USA I'll always stick to not doing the "bare minimum" and showing good faith to go above and beyond being compliant. But "Bare minimum" is you can scrape the internet and spam users in the USA - but it doesn't make sense to be side-by-side in a line-up with known spammers and hardcore spam practices for your brand (Lets not even talk about the public relations problems).

Not doing a double opt-in is just asking for trouble, because random people can input random emails into your system, lets say someone in France, and now you are breaking French laws.

MailChimp requires a double opt-in when using their form (Double Opt-In Signup Form FAQ's), but if you import you can opt to not do it. Amazon recommends you double opt-in that the list you are sending Obtaining and Maintaining Your Recipient List; Mandrill made you state that you have permission to email the users, they discontinued services so I'm going off memory.

Here is the exact link to the CAN SPAM compliance: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

And here are the laws on international emailing: http://www.lsoft.com/resources/optinlaws.asp

Opt-In Requirements and Permission

United States

No, the CAN-SPAM Act allows direct marketing email messages to be sent to anyone, without permission, until the recipient explicitly requests that they cease (opt-out).

Europe

Yes, direct marketing email messages may be sent only to recipients who have given their prior consent (opt-in). Prior permission is required for business-to-consumer (B2C) communication covering all "natural persons".

Canada

Yes, commercial electronic messages may be sent only to recipients who have given their prior consent (opt-in). All recipients' express, or in certain cases implied, prior permission is required.
​

--

Now here is your real problem, and WHY you should double opt-in and why my brain defaults to double opt-in as a requirement:

#1 Regulation - No it's not required in the USA, but other countries it is (as long as you have an easy opt-out process). The problem is you don't know where the person is located when the email is setup. Now, will regulators with their bob hats come across the pond to find you - depends on how big you are. If you have a presence in a country - then you might get in trouble.

#2 Spam Score - If you send emails to people that hit the spam button the ISP (comcast, att.com, aol.com) and ESP (gmails.com and yahoo.com) record that and put that against your domain AND IP within their system. Some even report it to places like Spamhaus. What spamhaus does is then has a public record and smaller ESPs and domains from little guys like you and mean will use something like SpammAssassin to score the incoming mail. So when multiple people hit that spam button or worse yet send a complaint for spam, the score rather quickly will get aggregated and your domain AND IP address will become blacklisted.

You can check if your IP address or domain is blacklisted here: https://mxtoolbox.com/blacklists.aspx

You can remove your domain or IP address from Spamhaus blacklist here: https://www.spamhaus.org/lookup/

Just because you submit the domain/ip address from removal doesn't mean they will comply. If you get past a certain threshold or have re-submitted several times without stopping the spam they WILL IGNORE YOU.

What double opt-in does is ensure that the first communication not only got there but there was engagement - the email providers see this. They watch a user click on a link and record it. They watch a user click the "spam" button and record that, they watch a user hit the "complaint" button and definitely record it. The first interaction from a brand new domain to an email provider like gmail and yahoo is CRUCIAL. Having that email be a transactional email or an confirmation email ensure that your emails from your domain AND IP Address get through gmail/yahoo and others easier.

If you just scrape a list of emails from the internet then send out an email blast to those emails within 24 hours I can guarantee you that you'll be on one of the email blacklists. Getting off them the first couple of times is okay, but that history stays with you. The more "successful" emails you send to an email provider like gmail/yahoo the more likely your success in the future. BUT that can change extremely quickly.

#3 Longevity - Lets say you've been successfully mailing gmail/yahoo for years, and are able to inbox 10,000 emails a day between the two. They monitor your success rate continously. Then lets say you scrape a list of emails and start attempting to email those to the providers from your same domain. You'll have a little leeway cause your domain/ip address has age (within those email providers), but once they see you email new email accounts and that group starts hitting the spam/complaint button at a higher rate - THEY WILL TEMPORARILY BLOCK YOU from sending emails to their domain.

Now there isn't one massive "unblock" me master blacklist for the internet, every email provider has different parameters and keeps their own internal scenarios on how to get un-blacklisted. That's why spammers switch domains and buy IP addresses left and right until they are "burnt to a crisp" and move on to a new IP address.

#4 The story of the .XYZ domain extension - ABC.XYZ (Google's parent company Alphabet) helped this craze, but the problem with .xyz was it was so cheap (and some places free) to get, that spammers jumped on board to simply spam emails to people. NOW ALL OF XYZ domains are considered spam and will not inbox without jumping through hoops. People will sign up for randomsite.xyz and start emailing people normally and 50% of the time never get a reply - they don't realize that the spam score for XYZ is above the 5.0 needed for SpamAssassin to mark it as spam as a default. You actually have to unblacklist your XYZ domain yourself. I've had customers just register XYZ domains and attempt to send emails and all of them went to junk/spam immediately because the negative history with the XYZ TLD. It may have quelled down in recent months, but XYZ for a long time was automatically marked spam.

--
All the above problems can be solved by using the double opt-in. In the XYZ case if you created a brand.XYZ domain and send emails, the double opt-in process would have the email provider watch the user remove the domain's email from spam (good) and check the "not spam" option (good), and help you whitelist your domain with that provider (good). With XYZ you are guilty until proven innocent. XYZ is no longer in the top 10, but newer domains like .review and .science are and they are also guilty until proven innocent: The World's Most Abused TLDs

You can play the gray/blackhat game but if it's for a serious brand/company you plan on flipping as a business or running long term meaning this isn't some quick hustle scenario, double opt-in to be safe and compliant in Europe/Canada (and everywhere else non-savages live), especially if you are not just restricting your audience to USA or a particular country.

 

[Nat]

@eliquid @CCarter I just learned a lot from this thread, thank you. I had never dug into the law like @eliquid just did.

If you are saying by 50% that out of 100 sign-ups only 50 of them end up confirming the double opt-in, then yeah that does sound high, but it could be that you are using a lead magnet that's more enticing than people actually willing to sign up for your brand's newsletter. I would say at most 10-20% of the people don't confirm the opt-in, but again that depends on your niche/industry and whether your emails are even arriving to the users' inbox for them to confirm (and not going to spam cause of a poor spam score).

Yep, that's what I meant. I'm also not using an overly enticing lead magnet, so that shouldn't be the issue. I was worried the confirmation email might not have been inboxing. But, I've thrown in a few emails and the double-optin email has priority inboxed. It shouldn't be a hard niche to get people to confirm.

 

[Pardens]

I've got Thrive leads installed and it's linked up with an API that sends out a double opt-in confirmation. I've been comparing the number of emails thrive is reporting to the number that are showing up as double opt-ins. It's almost 50%. That seems outrageously high to me.

I remember listening to a Pat Flynn episode where the guest said just that.

Removing double opt-in doubled email sign-up and only reduced responsiveness by 20%. I, for a fact, absolutely hate double opt-in. I don't think there's any correlation between the two. You can ask for investment in smarter ways.

You do have to clean your list more frequently, though -- but if you use an autoresponder with decent capabilities (Drip, ActiveCampaign, Infusionsoft) you can automate to send an email warning you'll unsubscribe them if they don't click the link below when said subscriber hadn't open an email for 30/60/90 days.

 

[propipper]

@eliquid @CCarter I just learned a lot from this thread, thank you. I had never dug into the law like @eliquid just did.

Yep, that's what I meant. I'm also not using an overly enticing lead magnet, so that shouldn't be the issue. I was worried the confirmation email might not have been inboxing. But, I've thrown in a few emails and the double-optin email has priority inboxed. It shouldn't be a hard niche to get people to confirm.

I had the same question about if the double-opt in email was even getting delivered.

I had that problem just recently with Gmail. This wasn't even for mass emailing or autoresponders but I was getting everything from not delivered to stuck in SPAM and I only know because I was emailing my clients.

Since you know it's inboxing, are you going to try and do A/B testing with a different lead magnet? Curious to see if any of those are factors in the 50% rate or if it's because of the double-opt in.

 

[Nat]

I had the same question about if the double-opt in email was even getting delivered.

I had that problem just recently with Gmail. This wasn't even for mass emailing or autoresponders but I was getting everything from not delivered to stuck in SPAM and I only know because I was emailing my clients.

Since you know it's inboxing, are you going to try and do A/B testing with a different lead magnet? Curious to see if any of those are factors in the 50% rate or if it's because of the double-opt in.

Split testing and adding a variety of lead magnets is on my to-do list, but it isn't #1 priority right now.

It isn't actually over-promised lead magnets, I am having this issue with email sign-ups that weren't even incentivized. Meaning, they should all be genuinely interested in clicking that "confirm," because most of them opted in on "get our new posts delivered to your inbox" type forms.