Mailchimp changes signup process

As of October 31, 2017 signup forms and popup boxes provided by Mailchimp will no longer default to a double / confirmed opt-in process.

Starting October 31, single opt-in will become the default setting for all MailChimp hosted, embedded, and pop-up signup forms.

This announcement was made earlier today in their newsletter and has been spreading like wildfire around the email community.

Of course, everyone has their opinion on why, including me. I haven’t talked to anyone over there about this, but I suspect this relates to the listbombing issue.
I expect that part of their response to subscription bombing was to look at their subscription forms and harden them against abuse. But, as they were looking at it, they also started thinking about the COI process and how COI itself could be used as an attack vector.
The result is removing the COI component from their default forms. Customers who want or need to continue to use COI can enable that option on their setting page.
I feel like I’ve blogged a lot about COI in the past but looking through old posts I can’t actually find many posts on it. (COI: an old topic resurrected, Sledgehammer of COI). There’s a reason for that, COI is a tool and is useful in some circumstances. But it’s not THE solution to deliverability problems.
The discussions around this change have been interesting.
From my perspective, this is not a huge change. No one who used Mailchimp was forced into using COI. There were always ways to work around the default. It makes it easier for some of their customers to run single opt-in mailing lists but it’s only one ESP changing their policies.
I am in the minority thinking this isn’t a big deal. The rest of the industry is full of speculation about this change.
Some compliance and abuse people worry that Mailchimp has gone to spam side. (I doubt it.) Other people liked being able to point at Mailchimp as an example of COI being a best practice and now they can’t. (Well, yeah, time for a better narrative.)
Marketers speculated financial pressures and loss of customers drove this change. (I doubt it, it wasn’t that long t they drove customers off Mandrill.) Others are happy MC “got with the times.” (Uh, they’re actually ahead of a lot of folks in seeing patterns and innovating.)
Whatever the reason, it’s a pretty big change in policy for Mailchimp. But I don’t expect to see more spam from their networks. They’re still going to keep their customers as clean as possible.
EDIT: On Oct 30, Mailchimp announced that the default for .eu customers would continue to be double opt-in to facilitate their compliance with GDPR.

Related Posts

Truth of Consequences

“If you want to use another means that violates the law, and every common definition of “spam”, then by all means, go ahead. You can enjoy fines and being added to the ROKSO database,” says a comment on my recent COI blog post. It’s both disconcerting and entirely predictable.

My post was a discussion of what to do with addresses that don’t confirm. Data tells us that there is some value in those addresses – that there are people who won’t confirm for some reason but will end up purchasing from an email. Using COI leaves some fraction of revenue on the table as it were. My post was a short risk analysis of things to think about when making decisions about continuing to mail to people who don’t confirm.
Mentioning COI often brings the only-COI-mail-is-not-spam zealots out of the woodwork, as it did in this case. In this case, we have the commenter first asserting that failure to do COI is a violation of CAN SPAM (it’s not). When this was pointed out, he started arguing with two people who have been actively fighting spam for 20 years (including running a widely used blocklist). Finally, he ends up with the comment asserting that anyone not using COI will end up on ROKSO. It’s as if he thinks that statement will fear other commenters into not having opinions. It can’t because everyone in the discussion, except possibly him, knows that it’s not true.
The worst problem with folks like the commenter is that they think asserting horrible consequences will make people cower. First off, people don’t react well to threats. Secondly, this is a hollow threat and most people reading this blog know it.
There are millions of mailing lists not using COI and have zero risk of ever getting on ROKSO. The only thing hollow threats do is make people not pay attention to what you have to say. Well, OK, and have me write a blog post about how those threats are bad because they’re completely removed from reality.
Exaggerating or lying about consequences is not just wrong, it’s stupid. “Do this or else BAD THING,” is awesome, up until someone decides they’re not going to do this and the bad thing never happens. It makes people less likely or pay any attention to you in the future. It certainly means your opinions and recommendations are not going to be listened to in the future.
I probably go too far the other direction. I can spend too much time contextualizing a recommendation. It’s one of the things I’m trying to get better about. No, client doesn’t need a 4 page discussion of the history of whatever, they just need 2 lines of what they should do. If they need the context, I can provide it later.
In order to effectively modify behavior consequences have to be real. Threats of consequences are meaningless. Any toddler knows this, and can quite accurately model when mom means it and when she’s just threatening.
Risk analysis is not about modifying behavior. It’s about analyzing a particular issue and providing necessary information so the company action understands potential consequences and the chance those risks will happen. The blog post about COI was not intended to modify anyone’s behavior. I know there are companies out there successfully maintaining two mail streams: one COI and one not. I know there are other companies out there successfully mailing only single opt-in mail. I know there are companies with complex strategies to verify identity and address ownership. And I smile every time I walk into a retail store and they ask me if my email address is still X and if I want to make any changes to it.
Lying about consequences does nothing to modify behavior. All it does is diminish the standing and audience of the liar. Be truthful about the consequences of an action or lack of action. Don’t make up threats in order to bully people into doing what you think is right. Sooner or later they’re going to realize that you don’t know what you’re talking about and start to ignore you.

Read More

Best practices: A Gmail Perspective

At M3AAWG 30 in San Francisco, Gmail representatives presented a session about best practices and what they wanted to see from senders.
I came out of the session with a few takeaways.

Read More

The sledgehammer of confirmed opt-in

We focused Monday on Trend/MAPS blocking fully confirmed opt-in (COI) mail, because that is the Gold Standard for opt-in. It is also Trend/MAPS stated policy that all mail should be COI. There are some problems with this approach. The biggest is that Trend/MAPS is confirming some of the email they receive and then listing COI senders.
The other problem is that typos happen by real people signing up for mail they want. Because MAPS is using typo domains to drive listings, they’re going to see a lot of mail from companies that are doing single opt-in. I realize that there are problems with single opt-in mail, but the problems depends on a lot of factors. Not all single opt-in lists are full of traps and spam and bad data.
In fact, one ESP has a customer with a list of more than 50 million single opt-in email addresses. This sender mails extremely heavily, and yet sees little to no blocking by public or private blocklists.
Trend/MAPS policy is singling out senders that are sending mail people signed up to receive. We know for sure that hard core spammers spend a lot of time and money to identify spamtraps. The typo traps that Trend/MAPS use are pretty easy to find and I have no doubt that the real, problematic spammers are pulling traps out of their lists. Legitimate senders, particularly the ESPs, aren’t going to do that. As one ESP rep commented on yesterday’s post:

Read More