When is single opt-in acceptable?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Your signup form is converting well and you're wondering whether you really need to send a confirmation email and risk people never clicking it. That's the case for SOI. Whether it makes sense depends on what else you have running.
Single opt-in works reasonably well when you have real-time email validation at the point of signup. Tools that check syntax, verify the domain exists, and flag known-bad addresses catch most of what double opt-in would have blocked. Add a CAPTCHA or honeypot field and you've removed most bot abuse. You'll still want to suppress early non-engagers quickly.
High-volume consumer senders with solid validation infrastructure sometimes find SOI acceptable because the conversion rate gain outweighs the list quality hit. Smaller senders without that layer generally shouldn't. B2B contexts or high-value subscriber relationships benefit from double opt-in's verification regardless of volume.
One legal note: GDPR doesn't require double opt-in, but it does require you to prove consent. SOI's form submission record is thinner evidence than DOI's confirmed click. If consent ever gets challenged, you'll want the stronger paper trail. Whatever method you use, list validation keeps bounce rates from climbing. Our list cleaning service handles what SOI lets through (hi ;)).
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.