In my recent post about watching the Internet “grow up,” I noted True was a driving force in setting the “best practices” around email publishing — I pushed the first true Email Service Provider to add features I wanted, and one of those features was “double opt-in.”
I don’t claim to have come up with the idea for verifying subscribers, but the first distribution package I used not only broke when there were more than 10,000 addresses on the list, it had no option to require that new subscribers do anything to confirm or “verify” they really want to subscribe.
It was a good idea in the 1990s, and it’s critical today. As the ESP Mailchimp used to say on their web site:
Double opt-in adds a layer of confirmation to your signup process before adding new subscribed contacts to your list, and it has three main benefits compared to single opt-in.
- Protection against spambots, email scams, and fake subscribers, which could increase your monthly benefit rates.
- Assurance of valid email addresses, confirmation that your subscribed contacts want to hear from you, and an archived record of the subscriber’s consent.
- Higher campaign open rates, and lower bounce and unsubscribe rates.
No More
With just one week of notice to Mailchimp list owners, the company announced that unless owners take specific action, all of their existing lists, and any newly created lists, would have double opt-in turned off.
What’s going to happen? Well, it probably already is happening: Mailchimp subscription forms hosted on thousands of web sites are almost surely going to get bombarded by “spambots, email scams, and fake subscribers” — and millions of addresses are likely to get subscribed to mailing lists without “the subscriber’s consent.”
Quite simply, this is obliviocy in action. The only reason I can think of for them to go against what is clearly Best Practices is there’s a financial reason for them to do so. The “best” financial reason I can think of for them to do this is to greatly inflate their subscriber numbers so they can inflate their company value to sell it or to offer stock (an IPO, or Initial Public Offering of stock). And I suspect this even though MailChimp co-founder Ben Chestnut is on record as saying he planned to remain independent, and “The only reason any sane entrepreneur would go public is if the investors needed an exit.”
In my opinion, assuming my supposition is true, the value will truly be “inflated” in that I would expect it to collapse when they fall on their faces with unhappy list owners complaining about all the garbage addresses on their lists, and the resulting lower “open rates” and significantly higher “bounce and unsubscribe rates” — not to mention the “increase in [their] monthly fees.”
It Affects You, Too
I know you don’t particularly care about anonymous list owners, but consider that spammers already have your email address, and send you tons of junk. How easy it would be to add your address to lists so you get more and more mail.
Why? Good question, but even with double opt-in on my lists (which I’ll never allow my lists to be switched to non-verified subscriptions!), I do sometimes get a rash of clearly fake addresses subscribed. I go to the trouble of watching all subscribes come in, and when I see them I take the time to go in and delete them (and no, I won’t say how I know they’re fake: just attribute it to 24 years of experience in email publishing!)
As a legitimate email publisher who makes it much easier to unsubscribe from my lists than to subscribe, I’m irritated at Mailchimp’s irresponsible action because it harms legitimate email publishers — and anyone with an email address who is victimized by scammers and pranksters taking advantage of setups that don’t follow well-established best practices.
For the record, no: I don’t use, and have never recommended, Mailchimp. I think the ESP I use, AWeber*, is currently the best in the business, and that’s who I’d recommend if you’re fleeing Mailchimp now.
– – –
Bad link? Broken image? Other problem on this page? Use the Help button lower right, and thanks.
This page is an example of my style of “Thought-Provoking Entertainment”. This is True is an email newsletter that uses “weird news” as a vehicle to explore the human condition in an entertaining way. If that sounds good, click here to open a subscribe form.
To really support This is True, you’re invited to sign up for a subscription to the much-expanded “Premium” edition:
Q: Why would I want to pay more than the minimum rate?
A: To support the publication to help it thrive and stay online: this kind of support means less future need for price increases (and smaller increases when they do happen), which enables more people to upgrade. This option was requested by existing Premium subscribers.
I’m not a list owner. But as a subscriber to sites and lists, I love double opt-in. I don’t know how many times someone used my email to sign up for something; I don’t think they are all spammers, I think in many cases they are just careless. So I end up getting an email about how I’ve checked into my flight (um, no, I haven’t); how my car is coming in for service tomorrow (um, no, it isn’t) or how my kid’s stuff for camp will be picked up on Sat between 10 and noon (um, no, I don’t have a kid going to camp). Making it a double opt in would make sure people used their correct emails to sign up for stuff, instead of mine.
We need more double opt-in, not less.
—
Another good example and yes, carelessness is a big factor too. -rc
Same situation here. I have a really common set of first name and surname, and a gmail address with the exact combination (no number or whatever added). I keep getting at least once a week messages that are not meant for me.
One policeman even sent one day confidential documents from his official email address to what he thought was his personal email address but in fact was mine.
The “downside” of having been online since forever…
I also have an exact Gmail address and while my name isn’t the most common, it’s common enough to get mixed up.
One I share my name with is married, I know this cause his wife has sent me emails and even put laundry day reminders in my calendar (that one was really confusing).
I’ve received confirmation emails telling me I’m all set for my performance at a musik festival (this one was pretty funny).
The worst ones are emails containing personal information sent from various companies (some so severe that I have reported them to the authorities as their mishandling of the information is bordering on the illegal).
—
Wow. The one that concerns me the most: someone can add something to you calendar just because they know your email address? That’s hard to believe! -rc
My email got printed in a travel book; so I got emails asking for information about trips to India. One of the people was kind enough to let me know where they had gotten my email after I had told them they had the wrong person. Can’t blame that one on no double opt-in. But the others!
I try to be nice about it. But when one student kept insisting I must be her teacher, I admit I told her she deserved to fail.
I have been invited to parties, family reunions, and such. I’ve commiserated with total strangers who have had to report illness or death. I had the chance to help a refugee family out by driving them to appointments and such, which sounded lovely, but since they were on the east coast, not really something I could help with. I’ve gotten documents to sign. And yes, people who insist that my email address is their email address, somehow not realizing two people cannot have the same email address. When one woman kept signing up for political sites that I did not agree with, I did finally sign her up for one that she would not like.
The one about picking up the camper’s stuff — I sent a strongly worded email to the site; and tried to get a paper in their area interested — because of the personal information in that email.
Oh yeah, I even got signed up to monitor a kid’s homework account at their school. How scary is that?
I got my email address back in 1998, so no numbers on it… and apparently my first initial/last name is fairly common.
People are careless.
Several years ago I was a moderator for a Yahoo group. I got to the point of being able to spot spammer email addresses with probably 99% accuracy. Just to be sure I would send a challenge question that they could easily answer if they were who they said they were. Not one ever responded. The spammers either were’t very smart or just counted on the moderators being lazy.
Shouldn’t that be Mail*chump? Just asking….
Nah, MailChimp is better, ’cause they’re monkeying with our email!
Thanks for the heads up on this. I recently took over running the newsletter for our church and we use Mailchimp. I never received any email from them that they were changing this policy. I’ve fixed our lists to prevent this abuse.
Thanks to you and Leo, I chose AWeber and I have been happy with the results. Keep holding people and companies accountable! Best Patreon money I’ve invested in!
Thank you for your rant. It reminded me to pay attention to the notice I had gotten from MailChimp, which my organisation uses, and which has generally been reliable and easy to use. Sure enough, they had already switched us to a single opt-in. It was easy to go into the list settings and switch back to double opt-in, but it’s appalling that a) this is now the default, and b) they would change existing users’ settings (though unlike Facebook, at least they notified us). I’m sure many busy list admins will not bother checking, like me, and may not have even noticed the notice, as it were.
This is even more significant because it seems to leave Canadian list owners unprotected under Canada’s anti-spam legislation (CASL). CASL requires list owners to maintain records of explicit permission to add addresses to the list, and without double opt-in I would have a record of the address being added, but no proof that the owner of the address actually wanted it added. I wouldn’t necessarily be doing anything illegal, but the law is complaint-driven and it wouldn’t matter whether the person had actually legitimately joined my list (and perhaps forgotten they had done so) or if someone added the address without the person’s consent — I wouldn’t be able to prove it one way or the other.
In other words, any Canadian organisation or business using MailChimp that leaves the default at single-click will not have proof that it was the client/target who actually submitted the subscription and would be liable if a complaint were filed.
I’m not a lawyer, or even much of an expert on this, so I called the CRTC (Canadian Radio and Telecommunications Commission) and a very helpful staff person confirmed this interpretation. I thought you’d be interested to know, and maybe your Canadian readers would as well. I’m sure you have more than a few.
I intend to share this information, and your blog, widely.
Thank you again for the rant, and of course for the weekly ray of sunshine (sort of) that is True.
—
They did rescind the action for list owners in the EU, so it’s surprising they didn’t think of Canada. But then, it doesn’t sound like this was fully thought through in the first place. -rc
I just came across this site: rescam.org which will waste the scammer’s time by corresponding with them using an AI. Just forward a scam email you received to them and their AI will take over — NOT using your email address, but one of their own. Wasting the scammer’s time will lower their success rate, and hopefully put them out of business.
“In other words, any Canadian organisation or business using MailChimp that leaves the default at single-click will not have proof that it was the client/target who actually submitted the subscription and would be liable if a complaint were filed.”
Exactly. As the list owner it is your responsibility to know the laws and best practices. MailChimp is a SAS, not a regulatory tool.
That said, this product is used worldwide and they do an excellent job of regulating activity. Against our advice we had a client that did not follow best practice with opt-in and they were shut down within 3 campaigns, so I’m not sure the “SPAM Bot” scenario is even plausible.
—
SAS (or more commonly, SAAS) is Software As (A) Service. When single opt-in is the policy of the ESP so much that they change your settings to that, I’m pretty sure they’re not going to shut the client down for what naturally results. So I disagree: the scenario is not just plausible, but the predictable outcome. -rc
Speaking of misbehavior by email providers, one of my pet peeves (which includes aweber) is replacing links in email messages with tracking links. An example, from a recent (free) issue of ‘This is True’ is: clicks.aweber.com/y/ct/?[special_code]
The problem? There is no way to verify where this click will end up which makes this link indistinguishable from a phishing attack link.
Because more and more email is sent out with these secret tracking links, we are training all Internet users to be numb to possible phishing attacks.
In your case, I note that the premium edition of ‘This is True’ does not add tracking links while the free edition does. To me, this indicates that you are doing this on purpose. Why?
—
Well first, you have to consider the source. Spam mail? Then yeah: don’t click any link if you can’t be SURE of where it goes …and even then it’s probably a bad idea. A newsletter you subscribed to and trust? Well, that’s what “trust” is about.
There are two kinds of such links. One is a link to my own site(s), and the other is to other sites. If it’s MY site, such as this one, you’ll see the link is along the lines of https://thisistrue.com/mailchimp-makes-monkey-us/?awt=special_code, because I can have code on my site to pick up on the tracking info after the “awt” (AWeber Tracking). Someone else’s site? Obviously I can’t install code there, and thus there is the sort of link you mentioned: it then goes through an AWeber server so it can count the click for me, and then forwards the user to where they wanted to go.
OK, so why? So I can clean the list of those who aren’t engaged. This is part of the “best practices” conducted by responsible email publishers.
As for why I don’t do tracking links on Premium: there’s a big difference between an “anyone can subscribe” free newsletter and a distribution list you pay to be on. While it would sometimes be interesting to know what folks are clicking on, I’m not going to “clean” members off the list even if they do fall behind in their reading. They love the content and want to read it on their own schedule, so you bet I’m not going to get in the way of that. Make sense? -rc