What’s a confirmation or double opt-in trigger?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Double opt-in (often shortened to DOI) is a signup flow with two steps. Someone submits their email on your form. Your system fires an automated confirmation email with a unique verification link. Until they click that link, they sit in a pending state. Click the link and they get added to your active list, usually triggering a welcome series right after.
Single opt-in skips the click. The address goes straight onto your list the moment the form is submitted. That is the difference, and it matters more than most marketers admit.
Why the confirmation step exists
Three reasons, in order of how much they bite you when you ignore them:
- Typos and fake addresses. People mistype their own email constantly.
gmial.com,yaho.com,name@@domain.com. Some people deliberately type junk to get a lead magnet. Without DOI, those rotten addresses live on your list, bounce on every send, and drag your sender reputation down. - Spamtraps and malicious signups. Anyone can paste a competitor's address (or a known spamtrap) into your form. DOI shifts the burden of consent to the person who actually owns the inbox. If they did not click, they are not on your list.
- Consent you can prove. Under GDPR Article 7, the controller (you) must be able to demonstrate that the subscriber consented. A timestamped click on a confirmation link, logged by your ESP, is the cleanest evidence you can produce. Single opt-in leaves you defending a form submission with no second-factor proof.
Germany is the strictest case I know of. Courts there have repeatedly treated DOI as the de facto standard for B2C email, and Google itself recommends confirmed opt-in in its sender guidelines.
The honest tradeoff
You will lose subscribers. Confirmation rates vary wildly by audience and incentive, but expect somewhere between 60% and 90% of people who submit the form to actually complete the click. The other 10% to 40% never confirm. Some forgot. Some changed their mind. Some never wanted to be there.
That loss is the feature, not the bug. The people who do not click were never going to open your emails anyway. You just found out before they tanked your engagement metrics at Gmail and Outlook.
How to set it up so the click actually happens
The confirmation email is the most important email you will ever send to that contact. Treat it that way.
- Send instantly. This is a true event-based trigger. Latency over 30 seconds kills confirmation rates.
- Subject line says what it is. "Confirm your subscription" beats clever every time. The reader has the form fresh in their head for about 90 seconds.
- One button, above the fold. Not three links. Not a paragraph of legalese first. Confirm button, then the explanation underneath if they want it.
- Send from a real, monitored address. Not
noreply@. Replies happen, and replies build reputation. - Authenticate it properly. SPF, DKIM, DMARC aligned. A confirmation email landing in spam is the worst possible first impression and the fastest way to bleed signups.
- Set a sensible expiry. 24 to 72 hours is normal. If they have not clicked by then, send one polite reminder. After that, drop them. Do not keep nagging.
Where DOI fits in your broader automation
Think of it as the entry trigger that gates every other automated workflow you run. No confirmation, no welcome series, no nurture, no promotional sends. The list you are actually growing is the confirmed list. Everything else is a leaky funnel of unverified addresses.
If you are starting from scratch, or relaunching after a deliverability problem, turn DOI on. The growth curve looks slower on paper. The deliverability curve looks dramatically better, which is what actually pays the bills.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.