How to Set Up a Confirmed Opt-In (COI) Flow in Bento
In this tutorial, we'll run you through how to create a confirmed opt-in (COI) flow inside Bento.
Confirmed opt-in (COI) is a strong practice for deliverability, compliance, and security. It confirms that the person receiving email explicitly asked for it, which reduces spam complaints and improves list quality. It also helps prevent typos from sending private or valuable information to the wrong address.
COI works best with basic form protection. Follow the deliverability guide, rate limit your forms, and add bot protection where appropriate. This protects your users and your email performance.
Managing Opt-ins in Bento
Bento offers complete flexibility in how you manage your users and their subscription status. Some users may want to run a COI automation for every single sign-up, whilst others may want to run it only for certain sign-ups because the email has already been confirmed elsewhere (e.g. after account sign-up).
Before building your flow, we recommend mapping out the different ways someone can be added to your Bento account and deciding how you want to handle them.
For example, you may want to run a COI flow after a blog sign-up but not after an account sign-up.
Anywhere someone could mistype an address, you will probably want to run COI.
Outline of the Flow
Here is an example confirmed opt-in flow:
Breakdown
- When someone signs up on the website we send in a custom event via the API. This could also be an event from Shopify, Stripe, WooCommerce, or another integration.
- We immediately unsubscribe them and leave a "double opt-in" reason. This lets you search and segment based on the unsubscribe reason later.
- Send a transactional email (which ignores the fact they are unsubscribed) with a link to confirm their subscription, like https://yourdomain.com/double-opt-in. Make it a nice branded page with an offer or next steps. Don't be boring!
- Now that is set up, we can use a "New Email Click" trigger to catch when they click the confirmation link. Filter this trigger to the exact confirmation URL or a unique token so unrelated clicks do not subscribe someone.
- Already verified: we skip the COI steps and just subscribe them.
- We subscribe them or update the unsubscription from step 2.
- Update custom fields like consented_via, consented_at, and consent_source to record how they opted in. This is useful if you ever get audited or a user claims they never subscribed.
Now that you understand how the flow works and what you are accomplishing at each step, let's dive into how this looks inside Bento.
Building the Flow
Building this flow is made up of two "paths".
Path 1: User signs up
Let's look at the first path, from say, your website form. This part of the flow is made up of 3 steps.
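- Trigger the flow with the custom sign-up event sent in via the API.
- Unsubscribe the visitor and set the reason to double opt-in. This allows you to later search and analyze the conversion rate of sign-ups vs double opt-ins.
- Send a transactional email with the confirmation link, such as https://yourdomain.com/double-opt-in?token=unique-token. In the email, the link can be rendered with Liquid, for example: {{ visitor.confirmation_url | hyperlink: "Confirm Email" }}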
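As an added example (not Bento's code and not part of the original tutorial), here is one way your own site could mint the unique token for the confirmation link and check it on the confirmation page, returning the consent fields to record. The HMAC scheme, the secret, the 7-day expiry, and the function names are assumptions.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Assumptions for this sketch: a server-side secret and a 7-day link lifetime.
SECRET = b"replace-with-a-random-server-side-secret"
CONFIRM_URL = "https://yourdomain.com/double-opt-in"  # confirmation page from the tutorial
MAX_AGE = 7 * 24 * 3600

def _sign(body: str) -> str:
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_confirmation_url(email: str, now: float | None = None) -> str:
    """Build the per-subscriber link placed in the transactional email."""
    issued = int(time.time() if now is None else now)
    raw = f"{email.strip().lower()}|{issued}".encode()
    body = base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{CONFIRM_URL}?{urlencode({'token': body + '.' + _sign(body)})}"

def verify_token(token: str, source: str, now: float | None = None) -> dict | None:
    """Return the consent fields to record, or None for a bad or expired token."""
    current = time.time() if now is None else now
    body, sep, sig = token.partition(".")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode()
        email, issued = raw.rsplit("|", 1)
        age = current - int(issued)
    except (ValueError, UnicodeDecodeError):
        return None
    if not 0 <= age <= MAX_AGE:
        return None  # expired, or issued in the future
    return {
        "email": email,
        "consented_via": "double opt-in",
        "consented_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(current)),
        "consent_source": source,  # e.g. which form the sign-up came from
    }
```

Because the token is bound to one address and signed, a click on any other link, or a guessed URL, cannot produce a valid confirmation.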
Path 2: User clicks confirmation link
Now, we need to create a new path in the same flow for when the user clicks the confirmation link.

Update custom fields like consented_via, consented_at, and consent_source. Name the field anything you like. Both the name and value support Liquid tags like {event} for dynamic use cases.
Bonus: Customising for EU Customers
Many users expand on this basic flow by adding a check for European visitors. Here's how:
- After the initial sign up event, use a Split to check if the visitor is from the EU.
- If they are, proceed with the double opt-in flow: unsubscribe, send confirmation email, resubscribe on click.
- If they're not an EU customer, you can skip the confirmation and do nothing (or whatever else fits your use case).
This lets you apply the stricter consent requirements only where needed.
Wrapping Up
Setting up a double opt-in flow in Bento is straightforward once you understand the key concepts:
- Handle different opt-in methods differently
- Unsubscribe and leave a reason to enable segmenting
- Use transactional emails and filtered click triggers for the confirmation
- Record consent details on the user's profile
- Optionally check for EU customers to apply flow selectively
With these building blocks, you can create a consent flow that meets your unique needs and keeps you compliant.
And if you have any other questions, feel free to ask in the Bento Discord!
