Spam, Spam Bots, and Double Opt-in E-mail Lists

Editor’s Note: This article was originally published by Web Marketing Today. Practical Ecommerce acquired Web Marketing Today in 2012. In 2016, we merged the two sites, leaving Practical Ecommerce as the successor.

It’s hard to grow an e-mail list these days. People, wary of getting tons of unwanted e-mail, just don’t subscribe as freely as they did in days of yore. And then there are evil spam-bots. In this article I’ll touch on some aspects of maintaining a successful e-mail list in spite of the difficulties.


Spam — unwanted e-mail in the inbox — is the curse of e-mail marketing. But what is spam? There are two definitions:

  1. “Unsolicited commercial e-mail” is perhaps the official definition that prompted anti-spam legislation in the US and other countries.
  2. “E-mail I don’t want,” however, is the way spam is functionally defined by average users. Whether or not they subscribed to something initially isn’t the point. If they start getting “too much” e-mail, don’t want it any longer, or don’t remember the sender, they’ll consider it spam.

In this article, however, I want to consider the implications of the first definition, that is, how to send e-mails only to genuinely “solicited” (or “opt-in”) e-mail subscribers. Let me explain the problem.

The Principle of Opting-in

People think differently about unsolicited postal mail than they do about unsolicited e-mail. Postal junk mail is considered only a mild nuisance. That’s because, since it costs money to send postal mail, the volume of junk mail stays within reasonable bounds. However, junk e-mail is out of control, since it’s so cheap to send. As a result, junk e-mail is strongly resented, because it requires so much time to sort the few desired e-mails from the deluge of undesired e-mails. (Incidentally, I use Cloudmark Desktop as a first step in clearing spam from my Office Outlook system.)

In order to respect people’s wishes, marketers developed the principle of “opting-in,” that is, only sending e-mail to those who actually request it. Opt-ins take two forms:

  1. Single Opt-in requires subscribers merely to insert their e-mail address in a subscription form and press “enter.” They’ve opted-in. But what about people subscribing for others? To stop that, a second kind of opt-in was developed: double opt-in.
  2. Double Opt-in or Confirmed Opt-in not only requires the submission of an e-mail address. Confirmed opt-in e-mail programs send an e-mail to each would-be subscriber, which must be confirmed, usually by clicking on a link in the e-mail, but sometimes by merely replying to the e-mail. This ensures that only the addressee can subscribe himself or herself.

The US CANSPAM Act of 2003 does not require an opt-in approach, only an easy opt-out system. But opt-in is required by law in many European countries and elsewhere. It turns out that confirmed opt-in is the only way that you can prove that a person actually opted in, if challenged legally.

It’s a fact that single opt-in lists grow much faster. With double-opt-in lists, only 50% to 80% of initial subscribers get around to confirming. This is because confirmation e-mails get stuck in spam filters or get deleted by mistake — or people forget they subscribed by the time they check their e-mail.

To prevent this from happening, I’ve tried an audio message on the “thank you for subscribing, please confirm” page that appears after the initial subscription, reminding subscribers of the need to confirm, and encouraging them to immediately check for the confirmation e-mail. On some of my lists, at least, this has the effect of getting me about 90% confirmations — which is pretty high. (For the Flash player that auto-plays my brief MP3 message, I use a Windows program called SonicMemo developed by Jay Jennings.)

Subscription Spammers

But there’s a new wrinkle in e-mail list-building these days — what I call subscription spamming. These are automated computer programs (“bots”) that subscribe bogus names to your e-mail list. Why would someone do that? you ask. For the same reason that some people spend their time writing viruses that crash computers around the world — inherent Evil, what St. Augustine would term “original sin.”

These subscription spam bots expose you to two major dangers:

  1. Subscribing you to “spam trap” e-mail addresses. These might be addresses such as that are quickly identified by the major ISPs as spam addresses. When you unsuspectingly e-mail to one of these, your e-mails are marked as “spam” and don’t get delivered. But more seriously, your sending domain may get on blacklists used by many organizations to screen for spam. It’s ugly.
  2. Subscribing you to bogus e-mail addresses. When your e-mail list contains a lot of obsolete or bogus e-mail addresses that bounce, the major ISPs will — after observing a certain number of bounces from your e-mailing — stop delivery of remaining e-mails, at least for the time being. ISPs expect bouncing e-mails (a few percent), since at least 20% of people change their e-mail addresses each year. But when a larger than normal percent of e-mails bounce, your e-mails get flagged as spam. If this continues to happen, e-mailing after e-mailing, your domain’s reputation as an e-mailer gets permanently scarred.

I’ve noticed two kinds of bots that are attacking my Web Marketing Today list — what I call the ASDF Bot and the Double Name Bot. The signature of the first is an e-mail address beginning with ASDF. The signature of the second is inserting the same name — usually something that sounds vaguely Arabic — into both the first and last name fields of my subscription form, as well as into the username portion of a Yahoo or Gmail address. Nasty!

Stopping Spam Bots

The subscription spam bots can be foiled in two ways:

  1. Using a CAPTCHA device that requires the prospective subscriber to copy correctly the slightly distorted or camouflaged letters and numbers shown in a graphic. These systems work pretty well at preventing most computer-generated sign-ups, but they tend to depress subscription rates.
  2. Using a double-opt in system that requires people to confirm their subscription before they get on the list.

Why I’ve Stayed with Double Opt-in

Sometimes I fret about the gradually lowering percentage of people who confirm their subscription to my e-mail list. I’ve seriously considered going to a single opt-in system that will grow my list much faster. But since spam bots are such a serious problem, are hard to screen for, and can dramatically lower my deliverability, I’ve decided to continue using double opt-in lists. (Incidentally, I use iContact to e-mail out Web Marketing Today.)

No, double opt-in isn’t legally required — nor even expected in the industry these days — but it promises to help preserve my reputation as a responsible sender with the ISPs and therefore keep my inbox delivery rate higher.

Dr. Ralph F. Wilson
Dr. Ralph F. Wilson
Bio   •   RSS Feed