Anyone can pass anyone else's email address as input to a form, so simply receiving an address as input is not actually permission. If a newsletter does not employ double opt-in, then it will eventually end up on a list of "single opt-in newsletters" which are used to harass people by subscribing their email to a ton (100s or 1000s) of newsletters that they don't want. People who are the victim of this will rightly mark those messages as spam, causing your email reputation to drop. Random Internet bots will also submit subscriptions using your form with weird addresses for who-knows-what reasons. It's a very good idea to have some data validation to make sure garbage doesn't end up in your list, and double opt-in is one of the best ways to achieve that.
Furthermore, competitors might maliciously attack you by subscribing random email addresses to your list. They can get these addresses from data dumps from compromises (like what haveibeenpwned is using). Sending to these addresses will harm your reputation because recipients will mark as spam, or will fail to interact with your messages which is also a spam signal. Smart malicious competitors will cause you to start sending to spamtraps.
The best defense against being manipulated in these ways is double opt-in. Lastly, your email list as such has more value overall if you know that every single entry was confirmed by double opt-in.
As a corollary, you should remove addresses from the list if messages to the address start bouncing, or if you receive a spam complaint from them; sometimes people are lazy and will mark spam instead of unsubscribing. Ideally, support the List-Unsubscribe feature so that people can unsubscribe from it directly in their email client. A good email platform will help with all of these things.
I consider single-opt-in use of email addresses to be a dark pattern or anti-pattern in most contexts, especially non-transactional contexts like newsletters. Any sort of recurring communication needs double opt-in.
This is wrong.
I want to be able to enter an email address and get a newsletter. This is good UI/UX blah
There is nothing dark about helping a user using single opt in. Single opt in is great and preferred.
But because of the world we live in, as you explain well, we have to make everyone's lives a PiTA by securing it.
It might be a anti-pattern collecting emails to easily, since the Spam Bots might punish you because of bad actors, which reduces your email reach.
But it's also a anti-pattern to think double opt in is normal. If you can get away with not doing it, then don't. ie. I see idiots doing it in corporate settings or after having paid money
Someone thinks my email address is their email address, and keeps filling it in in various places as "their" email address.
They seem to live in France, and so the things they sign up for are in French.
Sometimes, these are double opt-in, and I can just ignore them.
Other times, I suddenly have to figure out how to unsubscribe from a newsletter that's in french.
Often, the "unsubscribe" link is just a mailto link to their customer service, and now I have to hope they can understand my English as I ask them to remove me from their list.
Also, this same ne'er-do-well has taken out loans with my email address as one of their few pieces of contact information. So now I have a loan company trying to get money from "me." Obviously, loan companies aren't going to be very accomodating when you tell them they have the wrong address. That's what they all say, no?
(It's not quite identity theft, as the loan people really are after the other guy, not me. It's not my credit score being impacted. They just emailed me because mailing the address on file, phoning the phone number on file, etc. didn't work.)
Wouldn't it be great if I could contact this person to tell them to stop? Well, think about how I could accomplish that for a moment. All I know about them is... my own email address!
I don't want to be single opt-ined to random crap, but apparently lots of people want me to be.
