Summary: You may or may not have heard the furor over Spamza - the website where anybody can enter any email address, and have that email address instantly signed up for hundreds of newsletter mailing lists. Of course, everybody is very upset because this site facilitates people getting spammed. BUT, there is also a very important lesson here for email marketers, newsletter publishers, and just about any other email sender who maintains a mailing list.
Originally posted 2008-08-19 10:26:56.
You may or may not have heard the furor over Spamza – the website where anybody can enter any email address, and have that email address instantly signed up for hundreds of newsletter mailing lists.
(If you haven’t yet heard about it, you can read more about Spamza here.)
Of course, everybody is very upset because this site facilitates people getting spammed – to the tune of hundreds of spams a day (our test account got 182 in the first 14 hours). It not only can be abused – it’s designed to create abuse.
BUT, there is also a very important lesson here for email marketers, newsletter publishers, and just about any other email sender who maintains a mailing list.
And that lesson is: single opt-in is dangerous.
Because it can be abused.
And not just because it can be abused – but because when it is abused, it hurts your email reputation and deliverability.
Now, you may be saying to yourself right now “Ok, but surely Spamza is an isolated incident – that won’t happen to me.”
Stop right there.
First of all, if you run a single opt-in mailing list – particularly if you have a sign-up form on your website – it may already have happened to you.
And, you know, those to whom it has already happened are now dealing with the fallout from hundreds or even thousands of complaints from people whom they have spammed – however unwittingly.
And, at least one sender has already had their IP address blocked and their hosting pulled as a result of all the spam complaints!
Now, if this hasn’t happened to you – yet – well then, consider yourself lucky, you may have dodged the bullet for now. But that doesn’t mean that it can’t – or won’t – happen.
And even if it isn’t Spamza – in fact, even if it isn’t a targeted effort – people enter the wrong email addresses in web sign-up forms all the time. Sometimes it’s by accident (they typo their own email address and the result is someone else’s email address), but often it’s on purpose. This happens frequently with squeeze pages, where the user feels justified in lying about their email address because they are annoyed that you are requiring them to give up their email address to get to some resource they want. But it also happens with people who just have a grudge against you – or against the target whose email address they are forging in your sign-up form.
The best – indeed, the only – defense against this is to use confirmed (double) opt-in. Period.
Now that doesn’t mean that you have to run out and re-confirm all of your mailing list addresses (although it’s not a bad idea).
But, is there any reason to not require confirmations of email addresses from here on out, starting today?
Because, there sure is a good reason to do it.