Forms
There are several common forms of opt-in email:Unconfirmed opt-in/single opt-in
Someone first gives an email address to the listConfirmed opt-in (COI)/double opt-in (DOI)
A new subscriber asks to be subscribed to the mailing list, but unlike unconfirmed or single opt-in, a confirmation email is sent to verify it was really them. Generally, unless the explicit step is taken to verify the end-subscriber's e-mail address, such as clicking a special web link or sending back a reply email, it is difficult to establish that the e-mail address in question indeed belongs to the person who submitted the request to receive the e-mail. Using a confirmed opt-in (COI) (also known as a Double opt-in) procedure helps to ensure that a third party is not able to subscribe someone else accidentally, or out of malice, since if no action is taken on the part of the e-mail recipient, they will simply no longer receive any messages from the list operator. Mail system administrators and non-spam mailing list operators refer to this as ''confirmed subscription'' or ''closed-loop opt-in''. Some marketers call closed-loop opt-in "double opt-in". This term was coined by marketers in the late 90s to differentiate it from what they call "single opt-in", where a new subscriber to an email list gets a confirmation email telling them they will begin to receive emails if they take no action. Some marketers contend that "double opt-in" is like asking for permission twice and that it constitutes unnecessary interference with someone who has already said they want to hear from the marketer. However, it does drastically reduce the likelihood of someone being signed up to an email list by another person. Double opt-in method is used by email marketers to ensure the quality of their list by adding an extra stop in the verification process. The US CAN-SPAM Act of 2003 does not require an opt-in approach, only an easy opt-out system. But opt-in is required by law in many European countries and elsewhere. It turns out that confirmed opt-in is the only way that you can prove that a person actually opted in, if challenged legally.Opt-out
Instead of giving people the option to be put in the list, they are automatically put in and then have the option to request to be taken out. This approach is illegal in theAddress authentication
Email address authentication is a technique for validating that a person claiming to possess a particular email address actually does so. This is normally done by sending an email containing a token to the address, and requiring that the party being authenticated supply that token before the authentication proceeds. The email containing the token is usually worded so as to explain the situation to the recipient and discourage them from supplying the token (often via visiting a URL) unless they in fact were attempting to authenticate. For example, suppose that one party, Alice, operates a website on which visitors can make accounts to participate or gain access to content. Another party, Bob, comes to that website and creates an account. Bob supplies an email address at which he can be contacted, but Alice does not yet know that Bob is being truthful (consciously or not) about the address. Alice sends a token to Bob's email address for an authentication request, asking Bob to click on a particular URL if and only if the recipient of the mail was making an account on Alice's website. Bob receives the mail and clicks the URL, demonstrating to Alice that he controls the email address he claimed to have. If instead a hostile party, Chuck, were to visit Alice's website attempting to masquerade as Bob, he would be unable to complete the account registration process because the confirmation would be sent to Bob's email address, to which Chuck does not have access. Wikipedia uses this mechanism too.Best practice
The step of email address verification (confirmation) is considered by manySee also
* Closed-loop authentication *References
{{reflist Spamming Email