undefined | Better HN

0 pointsdnr6y ago0 comments

No, please do _not_ drop a double opt-in on this or any situation where you're collecting email addresses. People mistype email addresses all the time. Always verify email addresses before using them.

(This is a personal pet peeve since I have a short email address that tons of people sometimes think belongs to them, and get a huge amount of mail intended for other people.)

0 comments

Polylactic_acid6y ago

I had a friend who as a joke, signed me up to a shitload of newsletters. Would be nice if they were all required to have verification.

cdiamand6y ago

Thanks for the heads up. Reenabled!

jcrites6y ago

Good choice. Just to elaborate: double opt-in is expected behavior from customer-centric companies, and expected behavior from good actors in the email ecosystem. It's not necessarily required by law in the US, but it's a good practice nonetheless: always make sure you have permission from a recipient to send an email.

Anyone can pass anyone else's email address as input to a form, so simply receiving an address as input is not actually permission. If a newsletter does not employ double opt-in, then it will eventually end up on a list of "single opt-in newsletters" which are used to harass people by subscribing their email to a ton (100s or 1000s) of newsletters that they don't want. People who are the victim of this will rightly mark those messages as spam, causing your email reputation to drop. Random Internet bots will also submit subscriptions using your form with weird addresses for who-knows-what reasons. It's a very good idea to have some data validation to make sure garbage doesn't end up in your list, and double opt-in is one of the best ways to achieve that.

Furthermore, competitors might maliciously attack you by subscribing random email addresses to your list. They can get these addresses from data dumps from compromises (like what haveibeenpwned is using). Sending to these addresses will harm your reputation because recipients will mark as spam, or will fail to interact with your messages which is also a spam signal. Smart malicious competitors will cause you to start sending to spamtraps.

The best defense against being manipulated in these ways is double opt-in. Lastly, your email list as such has more value overall if you know that every single entry was confirmed by double opt-in.

As a corollary, you should remove addresses from the list if messages to the address start bouncing, or if you receive a spam complaint from them; sometimes people are lazy and will mark spam instead of unsubscribing. Ideally, support the List-Unsubscribe feature so that people can unsubscribe from it directly in their email client. A good email platform will help with all of these things.

I consider single-opt-in use of email addresses to be a dark pattern or anti-pattern in most contexts, especially non-transactional contexts like newsletters. Any sort of recurring communication needs double opt-in.

foogazi6y ago

As a recipient of emails intended for other people this is exactly how I wish it worked

aaron6956y ago

> I consider single-opt-in use of email addresses to be a dark pattern or anti-pattern

This is wrong.

I want to be able to enter an email address and get a newsletter. This is good UI/UX blah

There is nothing dark about helping a user using single opt in. Single opt in is great and preferred.

But because of the world we live in, as you explain well, we have to make everyone's lives a PiTA by securing it.

It might be a anti-pattern collecting emails to easily, since the Spam Bots might punish you because of bad actors, which reduces your email reach.

But it's also a anti-pattern to think double opt in is normal. If you can get away with not doing it, then don't. ie. I see idiots doing it in corporate settings or after having paid money

2 more replies

j / k navigate · click thread line to collapse