As of October 31, 2017, signup forms and popup boxes provided by Mailchimp will no longer default to a double / confirmed opt-in process.
Starting October 31, single opt-in will become the default setting for all MailChimp hosted, embedded, and pop-up signup forms.
This announcement was made earlier today in their newsletter and has been spreading like wildfire around the email community.
Of course, everyone has their opinion on why, including me. I haven’t talked to anyone over there about this, but I suspect this relates to the listbombing issue.
I expect that part of their response to subscription bombing was to look at their subscription forms and harden them against abuse. But, as they were looking at it, they also started thinking about the COI process and how COI itself could be used as an attack vector.
The result is removing the COI component from their default forms. Customers who want or need to continue to use COI can enable that option on their settings page.
I feel like I’ve blogged a lot about COI in the past, but looking through old posts I can’t actually find many posts on it. (COI: an old topic resurrected, Sledgehammer of COI). There’s a reason for that: COI is a tool and is useful in some circumstances. But it’s not THE solution to deliverability problems.
The discussions around this change have been interesting.
From my perspective, this is not a huge change. No one who used Mailchimp was forced into using COI. There were always ways to work around the default. It makes it easier for some of their customers to run single opt-in mailing lists but it’s only one ESP changing their policies.
I am in the minority thinking this isn’t a big deal. The rest of the industry is full of speculation about this change.
Some compliance and abuse people worry that Mailchimp has gone to the spam side. (I doubt it.) Other people liked being able to point at Mailchimp as an example of COI being a best practice and now they can’t. (Well, yeah, time for a better narrative.)
Marketers speculated financial pressures and loss of customers drove this change. (I doubt it, it wasn’t that long ago they drove customers off Mandrill.) Others are happy MC “got with the times.” (Uh, they’re actually ahead of a lot of folks in seeing patterns and innovating.)
Whatever the reason, it’s a pretty big change in policy for Mailchimp. But I don’t expect to see more spam from their networks. They’re still going to keep their customers as clean as possible.
EDIT: On Oct 30, Mailchimp announced that the default for .eu customers would continue to be double opt-in to facilitate their compliance with GDPR.
> But it’s not THE solution to deliverability problems.
Nor is it mandatory by any law.
As long as you’re doing a good job with the hygiene of your list, and the frequency of sending, and the content, and everybody’s happy, it’s fine! No need of COI!
But as soon as you start having issues, whatever the reason, but even more if, for instance, a spamtrap, or the personal email address of a prominent postmaster, has been subscribed to your newsletter, then you cannot “guarantee” how clean you are.
COI is the only way to make sure that the people you are sending newsletters to are the ones who asked for it. If I input the email address of someone else, he or she will only receive the COI message. Maybe he or she will actually be interested (what are the odds?), and will click the confirmation link. Then great, the list owner just got his or her consent, that could be stored (as required by CASL and GDPR).
With no COI, you cannot be sure you’re getting the “consent” of the email address owner, it’s therefore not a valid consent.
Another benefit of COI is that, by reducing the funnel of subscription, you finally have in your list people who actively requested to get your emails. They are going to react (as long as your content is relevant to them and their expectations) much more, the value-per-email-address in your list will be much higher.
I heard that by enforcing COI, you might have 20% fewer new subscribers in your list. I don’t have data to back that up though.
Benjamin, your comment regarding GDPR is extremely interesting. With GDPR in full effect in the EU in 2018, companies need to be able to prove consent to storing personal data. I have a hard time seeing how this is possible without COI.
COI had a bad reputation for being “too hard” – but it’s basically 2FA for email signups and most people are trained to do that now.
I know some places have a > 95% confirmation rate. Others have < 10%. It really has to do with how you manage it and how much your information is wanted by the recipient. There are still cases where it's a useful tool. But it's not the only way to ensure that the person owning the email address and the person giving you the email address are the same.
I wish MailChimp would come up with a better way of sanitizing lists that their customers use. The spam:ham ratio from them is about 10:1 for me. I’ve reported hundreds of spam emails to them and it shows no signs of slowing.
I just read Mailchimp’s post about this dated October 30th (boy they were fast).
This post actually addresses one of the concerns raised by Benjamin about getting tools to comply with the upcoming GDPR (where you HAVE to be able to prove optin), but also raises questions (interesting ones) about the double optin process in itself in the second part of the post.
The questions I’d love to ask them are:
– Has the decrease in confirmation rates started around or after the time when subscription bombing became “a thing” last year?
– Has there been a check to see if the decrease was purely caused by shifting expectations from users, or is there an increase in spambox placement of confirmation emails (we all know that’s a big problem in such cases)?
All in all a very interesting read on a critical subject.