3 Opt-In Best Practices All Email Marketers Should Know

Today’s post is from Sam McNeil, our Director of Deliverability here at WhatCounts. He’s the go-to guy when you need to get and keep your email program squeaky clean, and keep your messages always landing in your subscribers’ inboxes.

Below, you’ll get a quick lesson in list hygiene, which is paramount for your success. When bad emails are added to your list, your emails get blocked from delivery. We want you to get your messages to your subscribers in their inbox. Read on to learn how to best ensure your lists are protected from malicious attacks.

With all of the recent reports of blacklistings by Spamhaus, it is important for marketers to review their opt-in practices, specifically those around their web form submissions.

Traditionally, using a single opt-in method has been sufficient enough to allow potential email subscribers to provide their permission to join an email newsletter list.  They’re able to provide a few brief details about themselves, set their preferences, and then they instantly receive their desired communications to their inbox. 

This process is so easy a caveman can do it!  Evidently spammers can as well …

Recent list-bombing attacks on marketer’s signup forms have led to numerous Spamhaus listings throughout our industry.  Many discussions with deliverability professionals within other Email Service Providers have uncovered a common trend in these instances, the usages of single opt-in web forms for list collection.  

While using a single opt-in is compliant under governing laws such as CAN-SPAM and CASL, this does leave marketers vulnerable to these aforementioned attacks.  

The best way to prevent list-bombing, or any other type of automated bot sign-ups is to require additional steps to confirm an opt-in.  We have seen the most success of strengthening this process through implementing one of the following: adding a Captcha field to the web form, through Confirmed Opt-In (Double Opt-In), or by using the Honeypot Method.  


Prove you’re not a robot!  That is exactly what this type of form accomplishes. Captcha forms will require users to click on random selections of pictures, or type a few random words/characters to prove that this submission is not part of an automated process.  We’ve compiled a list of the most popular below:


This is likely considered the strictest form of opt-in for email submission.  This process will require potential email subscribers to confirm their subscriptions by responding to a confirmation email received after their initial web sign-up.  By requiring an additional action before an email is subscribed to a marketing list, automated sign-ups won’t be able to pass though.  


The Honeypot method is the least intrusive method in the customer’s sign-up process, as it takes advantage of bot sign-up characteristics, and uses these against them.  The Honeypot method will essentially embed fields within the web form that are not visible to humans, where automated bot sign-ups will populate these with information.  Subscribers that are received with these fields populated are then discarded.  While this method causes no interruptions in the subscriber sign-up process, it is considered less effective than using Captcha or COI, as there have been instances where browsers may auto-fill some of these hidden fields, creating false-positives.

As spammers become more sophisticated, marketers must adapt as well.  Having your IP listed on Spamhaus is no fun, and the fallout from this can be detrimental to both your domain and IP reputation.  While anti-list-bombing measures are not required, they are strongly recommended.

If nothing else, the recent Spamhaus listings have given voice to some pertinent deliverability best practices and call for internal audits across the industry in order to reduce any deficiencies in your company’s current opt-in processes.

Also check out 5 Best Practices For Growing Your Email Subscriber List and 5 Design Best Practices For Mobile Friendly Textual Graphics.

More to explore...

Introducing Coupon Manager

The WhatCounts team has been hard at work on a new feature, Coupon Manager, which streamlines using coupons in campaigns. Instead of using a generic

Read More »

Ready to See WhatCounts in Action?

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.