What is Double Opt-in?

Definition

Double opt-in, also called confirmed opt-in or COI, is a method of building an email list in which a new address joins the list only after the person who owns it actively confirms the subscription. The first step is the signup itself, where someone enters their email address into a form and submits it. The second step is the confirmation, where the system emails that address a message containing a unique link or button, and the person must click it to finish subscribing.

The contrast is with single opt-in, where submitting the form is the only step and the subscriber is added immediately with no confirmation. Single opt-in is faster for the user and yields a larger headline subscriber count, but it adds everyone who fills in the form, including people who mistype their address, people who enter someone else's address, and bots completing forms automatically.

Double opt-in closes those gaps by design. Because a confirmation email has to be received and acted on, the process inherently confirms three things at once: the address is syntactically correct enough to receive mail, a real mailbox exists behind it, and a real person who has access to that mailbox chose to proceed. That is why double opt-in is often described as the gold standard for permission-based email marketing.

How It Works

A double opt-in flow runs in a predictable order. A visitor enters their email address into a subscription form on your website, a popup, or a landing page and submits it. At this point they are not yet a subscriber. The system records the address with a pending or unconfirmed status and immediately sends a confirmation email to it.

That confirmation email is short and has one job. It asks the recipient to confirm they want to subscribe and provides a clear call to action, usually a button or link carrying a unique token tied to that signup. When the recipient clicks it, the system matches the token, changes the address status from pending to confirmed, and only now adds it to the active mailing list. Many senders follow the click with a welcome email or redirect the subscriber to a thank-you page.

If the link is never clicked, the address stays unconfirmed and never reaches the active list. Some senders send a single reminder; most simply discard unconfirmed addresses after a set period. A subtle but important point is what happens before the click: the confirmation email is itself sent to an address you have not verified. If that address is a typo or does not exist, the confirmation email hard bounces, and a high volume of those bounces can harm the reputation of the very domain you rely on to deliver confirmations. That is the gap email verification fills, and it is why the two techniques are usually used together.

Why It Matters for Email Deliverability

Double opt-in has a strong, well-documented effect on deliverability, and the mechanism is straightforward. Mailbox providers decide where your mail lands by watching how recipients behave. Confirmed subscribers tend to open, click, and rarely complain, and they almost never hard bounce because their addresses were proven to exist during confirmation. A list built this way sends consistently positive signals to Gmail, Yahoo, and other providers, which steadily improves inbox placement.

A single opt-in list sends mixed signals. It carries typo addresses that bounce, abandoned addresses that bounce, and occasionally spam traps that providers use to catch senders mailing lists they did not earn. It also includes people who never really wanted the mail, who are more likely to mark it as spam. Hard bounce rates above two percent and complaint rates above 0.3 percent push a sender toward the spam folder or trigger outright blocking. Double opt-in suppresses both metrics at the source.

There is a tradeoff to acknowledge honestly. Requiring a confirmation click costs you some signups, often 20 to 30 percent fewer confirmed subscribers than single opt-in would produce, because not everyone completes the second step. But the subscribers you keep engage at higher rates, which lifts open rates, click rates, and ultimately the return on each campaign. A smaller engaged list usually outperforms a larger unqualified one, and it does so without quietly eroding your sender reputation.

How VeriMails Handles It

Double opt-in and email verification solve different parts of the same problem, and they work best in combination. Double opt-in confirms intent and engagement after a person acts. Verification confirms that an address is technically valid before the confirmation email is ever sent, which means it catches the typos and dead addresses that double opt-in alone would only discover as bounces.

The recommended pattern is to verify at the moment of signup. When a visitor submits your subscription form, call the VeriMails REST API with the address before you queue the confirmation email. VeriMails checks the syntax, confirms the domain has valid MX and DNS records, performs a live SMTP handshake to confirm the mailbox accepts mail, and detects catch-all domains, disposable addresses, and role-based addresses. If the address comes back invalid or as a disposable throwaway, you can ask the visitor to correct it on the spot, so the confirmation email only goes to addresses that can actually receive it. That keeps your confirmation send clean and protects the sending reputation that delivers it.

VeriMails also helps with lists that predate your double opt-in policy. Older single opt-in subscribers and any imported data can be uploaded as a CSV for bulk verification, letting you remove invalid and risky addresses in one pass. Verification returns clear deliverability categories for API and bulk workflows. New accounts get 100 free credits on signup with no credit card required and credits that never expire, with verification priced from 0.0019 dollars per email, which is 19 dollars for 10,000 credits, and subscriptions from 15 dollars per month.

Frequently Asked Questions