Best Practice: Confirm Every Opt-In Via COI Or COIL

No, this is not a rant in favor of universal usage of double or confirmed opt-in (COI), although that practice certainly has its place. I’ve been a longtime supporter of single opt-in as “good enough” for most permissioning scenarios — especially when there’s active consent — and nothing has changed that opinion.

However, risks from opt-ins are rising. Typo spam traps and typos in general pose serious deliverability risks, especially to brands that capture email addresses offline through verbal or handwritten transcription. Several brands have been stung by Spamhaus in recent years because of typo spam traps getting on their email lists through poorly executed in-store email capture.

Marketers’ use of passive consent doesn’t help, either, particularly when that consent is buried in the fine print of sweepstakes rules or terms and conditions statements. It’s well established that consumers don’t read the fine print, so including opt-in consents in these statements provides brands with no protection from spam complaints.

Because of these risks, it seems reasonable to put in place a method of confirming opt-ins that provides a hedge against potentially problematic email addresses and permission grants. Why not take some inspiration from the confirmed opt-in process, but lower the bar?



So while a confirmed opt-in seeks to verify consent with a single opt-in confirmation email that requires a specific click as proof of permission, a single opt-in process could confirm consent by getting an open or click in any of the emails sent during, say, the first 30 days following the opt-in. If subscribers don’t engage with your welcome email (or welcome emails series) or any of the other emails you sent during their first month on your list  — a time when subscribers are usually the most engaged — then you should see this as a major red flag and stop mailing them.

Call it confirmed opt-in lite (COIL).

The bar would be appropriately lower for COIL, but there would definitely be a bar that new subscribers would need to clear in order to stay subscribed. Not clearing this bar means that you’re acknowledging that the email address represents more of a risk to your deliverability than an opportunity to grow sales.

A 30-day window is probably appropriate as a default starting point for most B2C brands, but you could, of course, determine the window that makes the most sense for your brand by analyzing the behavior of your subscribers. After what point do initially inactive subscribers rarely become active? After what point do initially inactive subscribers become very likely to complain? Daily mailers may find a shorter COIL period to be more effective, while weekly mailers may find a long period better.

Whatever point you choose, stick with it. Codify it by building it into your onboarding process. Automate the logic to keep yourself honest — and safe.

Many brands will be performing some list hygiene this summer and early fall in preparation for holiday season. Make instituting COIL a part of that effort to reduce inactives, lessen the risk of being blacklisted, and keep your email program focused on serving engaged subscribers.

3 comments about "Best Practice: Confirm Every Opt-In Via COI Or COIL".
Check to receive email when comments are posted.
  1. Bill Kaplan from FreshAddress, Inc., June 17, 2014 at 3:33 p.m.

    It's true that risks from problematic opt-ins continue to rise but, unfortunately, the idea of Confirmed Opt-in Lite will not keep companies from being blocked or blacklisted.

    If a company picks up a typo trap or other spamtrap address, messaging it multiple times over the course of a 30 day period will result in multiple emails being sent to Spamhaus or other spam-filtering organizations, which will surely add you to their block or black lists.

    The best way to keep off the radar of Spamhaus and other similar organizations is to perform an email hygiene, correction, and validation service on all email addresses BEFORE entering these into your marketing database.

    To learn more about how leading companies keep their email address databases safe to send, see

  2. Chad White from Litmus, June 17, 2014 at 4:08 p.m.

    Yes, tools like BriteVerify can help with typos. I'm not a deliverability expert, but it's my understanding that Spamhaus and others punish repeat offenders, senders that endlessly mail spam traps. So putting in a Confirmed Opt-In Lite process would provide protection, plus would give you something to point to should you get in trouble with a blacklist. COIL demonstrates that you're trying to do the right thing.

    But I'm also suggesting COIL to protect brands from sending to marginal subscribers who really aren't that interested in their emails and who are more likely to complain than opt-out. So COIL is meant to address both issues.

  3. Bill Kaplan from FreshAddress, Inc., June 17, 2014 at 4:28 p.m.

    Companies that perform SMTP checks, assuming their checking is accurate, will show typo trap as well as spamtraps as deliverable so that won't solve the problem of being ensnared by Spamhaus and others.

    Also, the idea of sending multiple but limited emails to typo traps and spamtraps will still result in blocking and blacklisting issues as Spamhaus's general policy is "two strikes and you're out" (i.e. you can't send more than once to a spamtrap).

Next story loading loading..