home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   

Opting in and opting out

In any discussion of spam and e-mail marketing, you’ll often hear the terms opt-in and opt-out. These refer to two different approaches to managing e-mail lists (and they apply to mailing lists of all kinds, including those related to hobbies or professional interests, as well as to spammers’ lists). Since spammers have distorted these terms almost beyond recognition, it might help to review them here.

Opt-out (BAD)

Suppose I run a mailing list for chicken-plucking enthusiasts (or, substitute any other fetish you might think of). I get hold of your address by some means (not by asking you) and begin to send you e-mails from the list. Being at least a bit of a nice guy, I give you instructions in each mail to tell you how to get off the list if you like. My list can then be called an opt-out list (you must “opt out” of it to stop getting mail from me). Here’s a highly-technical illustration of opt-out:


Opt-out is bad, because it requires the unwilling recipient to take positive action to stop getting stuff that he didn’t ask for in the first place. Opt-out is rude and presumptive. It’s the standard tactic of the spammer.

Bob West, the proprietor of http://www.cluelessmailers.org/ refers to opt-out as extortion, since you are asked to give up something of value (i.e., the information that your e-mail address works) in order to stop the spammer harassing you (and, then, like the classic pulp-novel blackmailer, he will just continue harassing you anyway).

Opt-in (BETTER)

Now, suppose I decide to change my ways after receiving complaints from my ISP, and start a new chicken-plucking mail list. This time, it WON’T be an opt-out list. I advertise the list on my website or by other means (NOT by sending unsolicited e-mail, of course). I give people instructions on how to join the list if they want, perhaps by providing them an automated e-mail link or a webpage form to fill in. Then, I leave the rest to them. Here’s what this looks like:


This, of course, is known as opt-in. It’s a lot better than opt-out, because (in theory, at any rate) I am not sending mail to people who don’t want it. It isn’t perfect, however.

Confirmed opt-in (BEST)

Unfortunately, simple opt-in is insufficient to prevent even a well-intentioned mailing list from sending things to people who don’t want them. For example, suppose your wacky college buddy decides to play a joke on you by signing you up to my chicken-plucking list. All he (or she) really has to do is simply to type your address into my form, and walla! (vil) the mails start coming your way. You are suddenly confronted with a torrent of strange messages having to with chicken-plucking; you get mad and write complaints to my ISP, and I get in trouble again (even though I was trying so hard to go straight). Of course, if you don’t have a wacky college buddy, you can still have your address submitted to an opt-in list by a prankster or even by a spammer.

The problem here is that I haven’t confirmed that people who sign up (or, in the case at hand, people who get signed up by others) actually want to be on the list. In order to take care of this eventuality, I decide to set up a confirmed opt-in approach that works as follows:

  1. You enter your e-mail address into my web form or send a note to my list manager software.
  2. I send you one (and exactly one) e-mail message indicating that you’ve been signed up, and requiring you to confirm this fact by returning the e-mail to me, or taking some other positive action (like visiting a web link that I provide in the message).
  3. If you want to be on the list, you follow the instructions and make a reply.
  4. If you don’t want to be on the list, you simply do nothing, and I won’t bother you again.

Here is a picture of the confirmed opt-in process:

confirmed opt-in

If you’re going to run a bulk mailing enterprise, you should use this confirmed opt-in model, as it gives you the greatest protection against misdelivering messages to people who don’t want them.

Of course, not even confirmed opt-in is totally idiot-proof. If someone really has it in for you and keeps signing you up for confirmed opt-in lists, you’ll get a lot of these “one-time” messages. However, being harassed in this fashion goes beyond simple spamming, and is an issue best dealt with directly as a net-abuse issue (in a manner beyond the scope of this discussion).

The control theorists among us sometimes call this technique closed-loop opt-in because it requires the closure of a feedback loop (i.e., the target must respond positively and “close the loop” to receive further mail), unlike plain-old opt-in, which allows “open loops” (i.e., the target can get more mail simply by failing to make any reply, thereby leaving an “open” loop). You may sometimes also hear the term double opt-in; this term, however, may not necessarily mean the same thing as confirmed, closed-loop opt-in.

When “opt-in” isn’t opt-in

In the olden days of mainsleaze spam, when many business were attracted to the prospect of advertising via “broadcast e-mail” (as it was euphemistically called then), many of the more ambitious bulk-mail operations decided that it helped their marketing efforts to claim that they ran 100% opt-in lists. After all, if some merchant wanted to advertise chicken-plucking products, what better way to do it than to employ a remailer that claims to have opt-in permission from millions of potential chicken-plucking enthisuasts who’ve expressed interest in such ads?

So, these enterprising spammers simply converted their databases magically into opt-in lists by — POOF! — just calling them opt-in lists. So what if you never asked to be on their lists? How can you prove you didn’t? Just relax, and welcome, you’re an opt-in subscriber to GetStupidCrapInYourInbox.com!

Many of the old-fashioned bulkers-for-hire have disappeared, as corporate marketing folks have learned to be far more careful in managing their e-mail marketing efforts. Yet, it is quite possible that this sort of thing still goes on in some circles. These “involuntary opt-in” rackets are maddening indeed, and made more so by the fact that you can’t do much to get out of them (recall rule #3). All you can do is to report them, hang in there, and hope that they get busted (which, eventually, they will be).

So, maybe you did opt in?

“You received this message because you opted in to this list or to one of our affiliates’ lists.” Sound familiar? This message, or some variation, appears in many spam e-mails (or, at least, it used to come up a lot, back when spammers actually pretended to care whether their mails were welcome).

Can you prove that you didn’t opt in? Isn’t it possible that somewhere in the distant past you may have signed up for AnnoyingSalesPitches.com? Certainly, these are the kinds of doubts that spammers would like you to entertain, so as to distract your attention from the fact that they sent you mail you didn’t want, and sent it without your explicit prior permission.

I look at it this way: if it’s a bulk mailing, and I didn’t specifically authorize the sender to send it to me, it’s spam. Pure and simple (see rule #2). Then, I complain about it. If the spammer wants to go to the trouble of retrieving evidence of my opt-in permission from some cobweb-covered database somewhere, I say by all means bring it on. Thus far, no one has bothered.

Of course, people do sign up for things and then forget about them. A legit bulk-mailer will always give you a full statement of why you received the mail (e.g., “You purchased one of our products and forgot to click the box to stop us annoying you”) and will tell you the e-mail address under which you are subscribed. Then, they’ll give you some painless means to remove yourself if you wish.

 home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   

(c) 2003-2006, Richard C. Conner ( )

13283 hits since March 28 2009

Updated:Mon, 23 Jun 2008

Document made with KompoZer