the Bento growth platform

Double opt-in or single opt-in?

Over the years, before I even started building Bento, I was always really confused about the whole single and double opt-in fiasco.

When I was studying eCommerce it seemed that the best practice was to just use single opt-in as there was a bias for larger list growth at any cost.

You'd ask for an email in the footer, as a pop-up, or during checkout flow and you're done.

That user can get sent an email anytime after that moment.

Nice and simple.

But when I started to study more about content creators (newsletter owners, bloggers, etc) I couldn't find any articles that endorsed single opt-in.

It was double opt-in or nothing.

So which are you supposed to use?

Look at compliance first.

This is where everyone needs to start first.

Google your local laws, talk to a lawyer friend, and get an understanding of what you must do for the sake of compliance.

As far as I know, as of today, Germany is the only large country that forces you to use double opt-in for all their citizens.

With GDPR legislation evolving, this may expand to over 28 other European nations, but we're still not sure, as the EU governments are moving pretty slowly on it (last checked 3rd of June 2021).

If you are in a country that requires double opt-in for your users then you have to enforce it. Most tools, like Bento, will allow you to ensure that new users are unsubscribed to start with and then when they click a confirmation link they get opted-in.

If you are in a country that doesn't require double opt-in then single opt-in is fair game and you can move to the next section.
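The confirmation-link flow described above, as an added example (not Bento's code): a new address is stored as pending, and only a valid, unexpired HMAC-signed token opts it in. The key, the 48-hour expiry and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48 hours
subscribers = {}                  # email -> {"status": ..., "requested_at": ...}


def _sign(email, issued_at):
    msg = f"{email}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_signup(email, now=None):
    """Store the address as pending and return the token for its confirmation link.

    Returns None for an address that is already known, so repeated form
    submissions for one address trigger at most one confirmation email.
    """
    now = int(time.time()) if now is None else int(now)
    email = email.strip().lower()
    if email in subscribers:
        return None
    subscribers[email] = {"status": "pending", "requested_at": now}
    return f"{now}.{_sign(email, now)}"


def confirm(email, token, now=None):
    """Opt the address in only if the token is authentic and not expired."""
    now = int(time.time()) if now is None else int(now)
    email = email.strip().lower()
    record = subscribers.get(email)
    try:
        issued_at_s, sig = token.split(".", 1)
        issued_at = int(issued_at_s)
    except (AttributeError, ValueError):
        return False
    if record is None or now - issued_at > TOKEN_TTL:
        return False
    expected = _sign(email, issued_at)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    record["status"] = "subscribed"
    return True


def can_send_marketing(email):
    """Pending addresses are captured but never receive marketing email."""
    record = subscribers.get(email.strip().lower())
    return bool(record) and record["status"] == "subscribed"
```

Because the token is derived from the address and the issue time, nothing per-token has to be stored, and a link issued for one address cannot confirm another.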

Then consider list health.

The main reason people in the newsletter or blogging space encourage double opt-in is because they believe that it helps improve the health of the list.

Whilst this may technically be true, it's masking the reason it works.

In email marketing, there are a few concepts you should be aware of: list bombing and honeypot emails.

List bombing is the practice where automated bots trawl the web looking for forms to add to a massive pool that they can abuse when they wish to target a victim.

When they attack, they submit thousands of emails to these forms (including yours), which floods the victim's inbox and hides any bad actions like trying to log in to a bank account or resetting passwords.

This happens surprisingly often.

Double opt-in ensures that when this happens those emails get captured but they don't actually get sent anything.

For some email marketing providers, that's OK, but for providers like MailChimp and Klaviyo these may count as billable contacts, which is not great for your wallet at all.

In Bento, we take a different approach and protect you by rendering our forms in a non-standard way using custom JavaScript we've written that has bot protection built right inside it (powered by Cloudflare).

This ensures that when those bots visit your site they may see the form but it functionally won't work for them. They'll ignore it and move to the next website.

As for honeypot emails, these come into play when people scrape email addresses or find them across the web and add them to an email list.

Providers such as Spamhaus and Hotmail plant these addresses on purpose to catch people trying to shortcut their way to a large marketable list.

Trying to protect yourself from this is fairly easy: just don't scrape the web or social media (LinkedIn or Facebook Groups) for email addresses.

But just saying this won't stop your employees, teammates, or others from accidentally adding one to your list and marketing to it.

Double opt-ins will help protect you from others adding spam traps to your list but won't protect you necessarily from yourself or your team.

One way Bento tries to protect you is by checking email domains across a wide range of spam providers, like Spamhaus, to ensure that emails aren't blacklisted before they actually get their first email.

Additionally, just a simple check to see if the email is formatted correctly and has proper MX records set up will go a long way. Bento does this automatically for you too.
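A pre-send screen combining the three checks just described (format, MX records, domain blocklist), as an added example rather than Bento's implementation. The resolver callables, the blocklist zone name and the DNS data are constructed so the code runs offline; in production the callables would wrap a DNS library and the zone would be a real blocklist's.

```python
import re

# Deliberately simple shape check (assumption: not a full RFC 5322 parser).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def check_address(email, lookup_mx, lookup_a, blocklist_zone="dbl.example.invalid"):
    """Return (ok, reason) for an address before its first send.

    lookup_mx(domain) -> list of MX host names (empty if the domain has none)
    lookup_a(name)    -> list of IPv4 strings (empty if the name does not exist)
    Both callables are hypothetical. blocklist_zone is a placeholder for a
    DNS-queried domain blocklist; assumption: any answer for
    "<domain>.<zone>" means the domain is listed.
    """
    m = EMAIL_RE.match(email.strip())
    if not m:
        return False, "bad_format"
    domain = m.group(1).lower()
    if not lookup_mx(domain):
        return False, "no_mx"
    if lookup_a(f"{domain}.{blocklist_zone}"):
        return False, "blocklisted"
    return True, "ok"


# Constructed DNS data standing in for real lookups.
SAMPLE_MX = {"example.com": ["mx1.example.com"], "trap.example": ["mx.trap.example"]}
SAMPLE_A = {"trap.example.dbl.example.invalid": ["127.0.1.2"]}


def sample_mx(domain):
    return SAMPLE_MX.get(domain, [])


def sample_a(name):
    return SAMPLE_A.get(name, [])


def screen(emails):
    """Split a batch (for example a list imported by a teammate) into accepted and rejected."""
    accepted, rejected = [], {}
    for e in emails:
        ok, reason = check_address(e, sample_mx, sample_a)
        if ok:
            accepted.append(e)
        else:
            rejected[e] = reason
    return accepted, rejected
```

Real blocklists document their own return codes, including codes that signal a refused query, so a production check should interpret the answer rather than treat every response as a listing.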

If you can protect yourself from bots and honeypot attacks you are good to choose single opt-in and can move to the next section.

Now consider user behaviour.

User behaviour is one of the strongest votes for single opt-in.

Imagine one of your visitors is scrolling through Instagram, sees an ad for your business, clicks through and browses around.

They then see a pop-up for 10% off and put in their email.

They hit the back button, see a video of a cute puppy, and continue their scrolling from there. They forgot about the confirmation email they had to click on.

In a double opt-in world that future customer, who expressed intent and interest, will not get any marketing from you ever again.

They'll literally never hear from you again, and they won't opt in again because they think they already did. Whilst they MAY see the confirmation email in their inbox, it's highly unlikely.

If you've gotten this far and agree with the above then go ahead and go down the single opt-in route.

Consider the following if you use single opt-in and want to make it successful.

In Bento, if you use single opt-in you should consider adding all those users to a fresh sequence, like a Welcome Series, that aims to get them engaged with your brand.

Using Automations, automatically tag or add a custom field that indicates they are an active_subscriber when they open an email, click a link, or view your website. This is easy to set up and there should already be an automation in your account ready to go.

When you next create your broadcast you just target people with that tag or field and you're off to the races.

The benefit with this approach is that you give yourself and the subscriber multiple chances of actually activating their email.

It also catches the edge case that they read your email via an email notification or have images turned off but still visit the website.

It's kind of like an extended confirmation sequence.


If you are unable to protect yourself from spam sign-ups due to using standard HTML forms that most email marketing providers use then you probably should use double opt-in.

This will protect you from list bombing and other nefarious actions.

Users who are on Bento, or who have written custom forms with some sort of bot protection baked into them, should probably use single opt-in (except for German users).