Single, Double or Triple: How Much Opt-In Is Enough?
If you examine the service agreement you signed with your Internet service provider, you will see a clause stating that if you suspected of sending unsolicited e-mail, or spam, your account can be terminated without further discussion.
Today, almost without exception, service providers have added this kind of requirement. It is draconian in effect and has become common because other providers have punished the ISPs themselves when their customers have been caught spamming. Probably the most infamous ISP to suffer from this is AGIS. After struggling to overcome the effects of being blacklisted, it filed for Chapter 11 bankruptcy in February. It was one of the largest ISPs in 1996, and its undoing was its support of the activities of Sanford Wallace, the most infamous spammer ever caught.
If you've decided that the right way to conduct your e-mail marketing campaigns is by using opt-in methods to create your lists, then you should take pains to make sure you have an audit trail to back you up.
Internet users of all kinds occasionally forget that they signed up and opted in to receive marketing e-mail. But that doesn't stop them from complaining. If you send e-mail to your opt-in list, and a recipient demands to unsubscribe, you should honor the request promptly and without fuss. But that doesn't mean you shouldn't remind the recipient that he did in fact opt in, and show him evidence.
In many cases, recipients of apparent spam file complaints before they even read the message. And if you are able to remind them that they did opt in, you should be able to encourage them to go back to your message and read it. So how do you do this?
First, make sure that when a user signs up, you have a logging system in place that should, at the very least, record the IP address that the user is signing up for and the exact time. If users are coming from behind a fire wall or proxy, you won't have great data. But you will at least have a start. Then make sure your system sends an e-mail confirmation with this data to the e-mail address that the user provided. It sometimes happens that subscribers provide the incorrect address when signing up. In some cases, it can happen maliciously.
If a competitor wants to create havoc for you, one of the easiest ways is to enter the e-mail address of known spam activists into your system. When you send out your first e-mail - voila - the activist complains to your ISP, and you're on the ropes. If you send out a subscription e-mail with the logging data, most activists will understand what has transpired, and besides informing you, they'll also attempt to track down the forger. This is a single opt-in process. However, as you will see, this process only provides basic proof that a user signed up with a particular e-mail address. It does not verify the actual subscriber.
How do you make sure that after sending your initial subscription confirmation, the recipient actually gets the e-mail you sent, and confirms the recipient did sign up? In other words, how do you provide proof that an e-mail address holder did subscribe? The best current practice requires a recipient to click on a link within the e-mail, or reply to the confirmation e-mail while modifying it. This provides the second part of the opt-in process, or the double opt-in verification.
The e-mail system is almost flawless in making sure the e-mail was sent to the actual address holder, and by clicking a link within the e-mail or modifying the e-mail in some way and replying, the loop is closed. There is now absolute proof that the e-mail address holder was the person who subscribed. This is the best current double opt-in, which will protect you and your mailers from any backlash.
So why require someone to modify the e-mail in some way, and not simply hit reply to confirm? Unfortunately, users often resort to cute "out-of-office" automatic replies. So if a user has one, and the auto-responder responds to the verification e-mail, the subscription will be confirmed erroneously.
So what is a triple opt-in? A number of e-mail service bureaus claim their systems are superior because they use a triple opt-in process. Basically, after going through a double opt-in process, the system requires that a subscriber provide sufficient personal data to allow the service bureau to match the subscription against a personal detail database - similar to those developed by credit bureaus and large list owners.
While this is a good way of verifying the person, it provides no help in verifying that a subscription for a user is valid. Remember that in the opt-in process, the objective is to verify that a subscriber did indeed opt in.
Going through this step is irrelevant to that process. And while it is possible that certain e-mail lists are considered sensitive and specific enough that the list owner may want to verify the authenticity of a subscription from a demographic or psychographic point of view, it raises significant privacy issues in the area of cross-referencing Internet data and traditional physical data. In almost every case, it is highly inappropriate and it runs the risk of reducing the number of subscribers and of attracting the kind of attention suffered recently by DoubleClick.
Don't forget the objective of having an opt-in list: to ensure that every subscriber is there voluntarily and with complete accountability.