The riskiest email to send is that very first email. It’s a blank slate. Even if you’re sending confirmation messages, you don’t really know anything about how this email is going to affect your reputation.
It’s Schroedinger’s email. The address is both good and bad, until you send to it.
If it’s good, great things will happen. You’ll be happy. The recipient will be happy. Deliverability will increase. Everything is awesome.
But if it’s not good, there are a whole host of consequences to sending that email. The obvious problems are hitting spamtraps, bouncing mail and complaints with the resulting delivery problems and, in very bad case, spamfoldering and blocklisting. Sure, you can use a data hygiene to lower the chances of the mail bouncing. But hygiene services don’t help you if the address is deliverable but belongs to someone else. They certainly don’t help if the address is a spamtrap.
There are all sorts of ways to mitigate damage from bad email addresses, after you know for certain they’re bad email addresses. But that first email is still risky. Even sending a confirmation email (double opt-in) can cause delivery problems at some places. That’s especially true for signups where you might want to send confirmation emails like sweepstakes or political mail.
The obvious answer is to segregate all confirmation emails onto their own IP with their own DKIM signature and, if you’re really worried, it’s own domains and everything. The problem there is that if your mail is messy enough, you may generate a bad reputation on it and your confirmation emails will go to bulk.
You may want to consider, then, just mixing in the confirmation emails with your regular mailstream and letting the good reputation carry the new messages. That may work depending on the relative volumes and the quality of the subscription feed.
Another way to handle it is to segregate the confirmation messages on an IP with other transactional and triggered emails like password resets, 2FA emails and purchase receipts. If you have a transactional feed, this is the best way to handle this mail. Most of the other emails are heavily engaged with, but come at irregular intervals. This mimics the confirmation emails and lets all that stream develop a reputation outside of the reputation of regular bulk mail.
All in all, there’s no one way to manage confirmation emails for a signup stream. There’s always going to be risk to mailing that unknown email. We’re already seeing filters able to sort out different mail types when they’re from the same IPs with the same authentication. Google and Oath are good at that already.
My best advice is to lump it in with the other transactional email. That’s what it is, that’s what it looks like. If you only have a single IP, then I’d advise authenticating transactional mail, including confirmation mail, differently from marketing and bulk mail. That way the filters can distinguish between the two streams. While some reputation will be shared between the different kinds of mail, the filters will be able to distinguish between them. As such the confirmation emails will be less likely to harm your overall delivery.