Email Opt-Ins: It’s All About Consent In the End


For 2022, Webbula is launching a series of blog posts about email deliverability topics. We have a variety of esteemed authors from the email industry lined up to participate. 

  • Subscriber Management: How to Start, Maintain, and Break Up by Elizabeth Jacobi. Read it. 
  • Email Authentication 101: What It Is And Why It Is Important For Brand Reputation by Yanna-Torry Aspraki. Read it here. 
  • Why Blocklists Make Us Better Email Marketers by Andrew Kordek. Read it
  • IP Warming - Do It Right or Do It Twice by Amanda Jackson. Read it.

Watch the discussion! 


It feels like there is an endless debate about collecting email addresses from consumers with the intent to send them email communications. The debate between third-party consent, opt-out, opt-in, and confirmed opt-in (COI) oftentimes leads to a rather heated exchange between members of the email community. Many times, though, brands can implement a combination of these options to find the best mix of permission to send consent for opt-in email marketing subscription needs. 

If you look at just the legal requirements of email marketing where there are laws in virtually every jurisdiction, email “opt-in” is required, but virtually no one mandates the type of opt-in you must use. With the USA implementing an opt-out law, and Germany building on case law with past rulings in favor of COI, these are seemingly the two strongest outliers in this scenario. The type of opt-in that each company decides to use is ultimately an internal risk acceptance practice and local regulations.

Third-Party Consent

Let’s start with the obvious here. Third-party data in general is not properly consent-based in the eyes of most email service providers, especially if that data is purchased from a data broker. While this can be a quick way to grow your database, it is also a quick way to get into trouble with blocklists and mailbox providers’ (MBPs) spam filters. 

However, if you’re willing to work with other brands that have collected the proper consents to send ‘third party’ emails, you might see the added reach without all the extra headaches of complaints and filtering as you’re relying on the list owner to send your promotion to their consenting recipients. 

Opt-Out Emails

When collecting email addresses in an opt-out manner there is one key difference between opt-out and opt-in email collection - the presence of an active action to implement a subscription. CAN-SPAM is an example of an opt-out law where you do not need the permission of a recipient to send them email communications as long as you meet the legal requirements. This includes offering an option to stop future emails from your organization, provide valid postal information, and are not sending emails with misleading header or transmission information. This type of consent is not usually sufficient to meet the contractual needs of an email service provider or an ISP/mailbox provider and could see your brand’s reputation and delivery suffer in the case of complaints and unresponsive subscribers. 

Single Opt-In Emails

Most brands can get along just fine when implementing a single opt-in (SOI) consent process, which includes an affirmative notice or action to be taken by the subscriber to complete a subscription action. However, that also means they need to build stronger business rules around who they contact and how long that contact will be included in their active mailing lists. When implementing an SOI list, brands should build a welcome program to let the subscriber know that they have been added to your mailing list and what they can expect from joining the email program. 

Accompanying an SOI process, email opt-in forms should offer protections against subscription form fraud, aka list bombing, where a brand is implicated in spamming an individual to render their email unusable. Protective measures from list bombing include implementing services like Webbula’s email form verification service, ReCaptcha, and limiting how forms are submitted to ensure that it’s not being abused. 

Confirmed Opt-In Emails (AKA Double Opt-In) 

When it comes to looking at adding something a little more robust to your subscription forms, moving to a Confirmed Opt-In (COI) can help prevent many delivery issues for an organization. Especially if there is a history of delivery problems (i.e., RBL listings), false subscriptions, or form abuse. Implementing COI can help mitigate many of the long-term effects of a past bad experience. 

COI should also be considered where there are manual inputs from locations like point-of-sale terminals or call centers where typos are common. COI is also recommended when the communication between the organization and the individual is more sensitive in nature. This could include things like banking statements, health information, or even adult content that should have a second review to ensure that the recipient is the correct and willing recipient of these items.

Talk with your email service provider about which option or a mix of options makes the most sense for your brand. Your email service provider may have other suggestions or solutions to help protect your organization as well.

Still unsure about making the jump to opt-in data from your current opt-out practices?  Take a look at these numbers. A recent case study from the Email Optimization Shop, shows that an opt-in email list will perform 9X better on open rates and up to 21X better with reader conversions over an opt-out email list

In the end, whether you decide on using a single opt-in, a confirmed opt-in (aka Double Opt-in), or a mix of these opt-in practices, the data says to make sure that it’s OPT-IN and not opt-out.


Meet the Author


Matthew Vernhout

VP of Deliverability North American at Netcore Cloud

Netcore cloud 


Matthew Vernhout (@emailkarma) is Netcore’s Vice President Deliverability. A digital marketing and privacy advocate, the chairperson of the ANA Email Council, director at large with the Coalition Against Unsolicited Commercial Email (CAUCE), Marketing Chair with the AuthIndicators Working Group, founder of the Canadian Email Summit, co-founder of He is a trusted industry expert, recognized as the 2019 EEC thought-leader of the year and is a Certified International Privacy Professional (Canada) (CIPP/C). Matthew speaks frequently at email marketing and technology conferences around the globe, and maintains his celebrated blog,




Verify, Protect and Grow Your Database