Confirmed Opt-In Protects Against Spamza and Other Malicious Sites

In the many discussions I’ve had about Confirmed Opt-In, and why it’s key for anyone following best email marketing practices, there’s one point I’ve found many people just don’t believe:

When you run your campaigns as single opt-in, you run the risk of people or scripts maliciously signing up other people’s email addresses to your list – meaning you’re spamming them.

Unintentionally, yes, but it’s still spamming, because that person who you’re now emailing never signed himself/herself up to your list.

For many people, the idea that someone would use their signup form to sign up someone else’s email address just makes no sense.

Well, you’re right – it doesn’t make sense.

But it happens, sometimes on a grand scale.

Spamza: How One Site Created A Lot of Spam Problems for Single Opt-In Email Campaigns

Recently, email marketers had a scare thrown into them by the website

Spamza promoted itself as a site that allowed people to “spam their enemies” by entering an email address into a web form.

Spamza then took the email addresses entered and subscribed them to hundreds of email newsletters.


Spamza is no longer online, but you can see a screenshot of their homepage below (click for full-size version).

Spamza Homepage - Click for Full Size

Scary Stuff – If You Run a Single Opt-In List

What if your email newsletter were one of the ones Spamza signed addresses up to?

Well, if you were running your campaign using Confirmed Opt-In, anyone added to the Spamza form would get your confirm email. The owners of those addresses would either delete that individual message or mark it as spam. And that would be the end of it.

If, on the other hand, you were using single opt-in, you’d have quite a problem on your hands.

  • Your list size would be artificially inflated with uninterested subscribers – lowering your click and open rates
  • Your subsequent email newsletters would get more complaints as the owners of the addresses added to your list started marking your messages as spam.
  • You could show up on URL blacklists (based on links that appear in your messages) – meaning future emails with your website in them could be blocked, even if they were sent by other people (like your affiliates) or if they were transactional messages (like payment notifications or responses to customer support tickets).
  • Perhaps worst of all, your target audience could label you as a spammer (which could lead them to persuade others not to do business with you, online or offline).

“Sure – But I Use Single Opt-In, And I Wasn’t Affected. That Stuff Just Won’t Happen To Me.”

I hope not – and I mean that sincerely. I don’t want to see any of that stuff listed above happen to you.

But is hoping that it won’t happen to you really a prudent way to run your business?

Anne Mitchell, founder of email accreditation firm ISIPP, had this to say:

[E]ven if it isn’t Spamza – in fact, even if it isn’t a targeted effort – people enter the wrong email addresses in web sign-up forms all the time. Sometimes it’s by accident (they typo their own email address and the result is someone else’s email address), but often it’s on purpose.

The fact is, malicious subscriptions are quite real, and if you’re not confirming subscribers, your email deliverability could be threatened by a script like Spamza’s.

More Coverage Of Spamza

  1. ZDNet
  2. Word To The Wise

It’s a weird, wild Internet we do business on. Better to protect yourself than to run the risk of some knucklehead taking advantage of your single opt-in signup process.

(If you’re still on the fence about confirming your subscribers, check out these common Confirmed Opt-In Myths.)