
Creating Opt-in Email Lists: Just Say Yes

Planning on starting up a mailing list? Be sure you make it "opt-in" if you don't want problems you really would rather avoid. Technology writer Daniel P. Dern imparts some good advice from sysadmins and leading opt-in list providers.

Mailing lists are a powerful way to reach out and communicate with people. But, as almost all E-mail users (but still not enough companies and other senders) know, users today don't want to be added to lists and then be forced to opt out to get off them. We want to be added only when we deliberately, explicitly ask to be: that is, when we opt in to a list.

Here's a brief look at some tools, approaches, and dos and don'ts for doing opt-in E-mail.


This article is written for the network or list administrator, not the prospective subscriber.

The True Meaning of Opt-in

These days, even proactively signing up for a list isn't considered enough. After all, anybody can fill in a Web form or send an E-mail request with your E-mail address.

Responsible list owners want to ensure that their subscribers consist of only people who want to join. Aside from the obvious spam approach of using harvested addresses, it's all too easy for people with a malicious agenda to sign someone up for lots of lists (for example, to "mail bomb" the unsuspecting user with thousands of pieces of unexpected E-mail), a common form of Internet revenge.

Dan Ritter, IT/Operations Leader at financial software firm Smartleaf, Inc., offers advice based on his personal experience running several private lists:

"Opt-in is a process in which the mailing list software gets a positive confirmation from the E-mail address that has requested the subscription, confirming the E-mail address exists and somebody using it does want to be on the list."

The confirmation usually contains a token (a unique string of characters) that can be sent back through E-mail, as part of a URL, or pasted into a specified Web form. The token proves that the E-mail address owner got the message with the token and wants to be on the specified list. This multi-step process is often referred to as double opt-in or opt-in and confirm.

"True opt-in requires you send back a confirmation message that includes a unique token or password, to defeat an automated sign-up attack," says Ritter. "There is a consistent pattern among spammers to call something an opt-in list and everything else is double opt-in. In a spammer's eyes, opt in means somebody has signed in for the service but never confirmed it. This is obviously open to abuse. Real opt-in always has to be confirmed."
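The confirm-by-token flow described above, as an added example (not code from the article or from any list software it mentions). The class name, the 48-hour token lifetime and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 48 * 3600  # assumed lifetime of a pending request, in seconds


class OptInList:
    """In-memory model of one list with confirmed opt-in (illustrative)."""

    def __init__(self, name):
        self.name = name
        self.subscribers = set()
        self.pending = {}  # address -> (sha256 of token, expiry timestamp)

    def request(self, address, now=None):
        """Record an unconfirmed request and return the token to mail out.

        Anyone can submit any address, so this step never subscribes."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        token = secrets.token_urlsafe(32)  # unique and unguessable
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[address] = (digest, now + TOKEN_TTL)
        return token  # mailed to `address` only, never shown to the requester

    def confirm(self, address, token, now=None):
        """Subscribe only if the token mailed to this address comes back."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        entry = self.pending.get(address)
        if entry is None:
            return False
        digest, expires = entry
        if now > expires:
            del self.pending[address]  # stale request: require a new one
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):  # constant-time compare
            return False
        del self.pending[address]  # token is single use
        self.subscribers.add(address)
        return True
```

Only a hash of the token is stored, so a leaked pending table cannot be replayed to confirm addresses.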

More generally, true opt-in requires some form of confirmation. Although E-mail or Web-based confirmation is the most common, it's also possible to do the confirmations by phone or even snail mail—if you have enough trust or knowledge of the confirming parties.


For example, on the private mailing list I co-run for alumni of Bolt Beranek & Newman, I process all add requests by hand, so nobody's added unless he explicitly requests it—by E-mail, phone, running into me somewhere, telling somebody else who tells me, etc.—and the "confirmation" pass is my asking anyone who I don't recognize to provide enough bona fides.
