Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What do terms like "opt-in", "opt-out" and "double opt-in" mean?

Question:

I keep hearing terms like “opt-in”, “opt-out” and “double opt-in”
but I don’t get what they mean. What do they mean?

In short, they indicate whether or not you were given a choice, and
in the case of “double opt-in”, whether or not it was really you that
accepted that choice.

The terms are actually fairly generic, but we’ll look at it from the
perspective of email, and spam.

Become a Patron of Ask Leo! and go ad-free!

To “opt-in” to something is to proactively do something to join or
become a part of it. If you don’t do anything, you’re not “in”, it’s as
simple as that.

To “opt-out” of something is the opposite: you’re in something and
you choose no longer to be a part, so you take some action that removes
you.

As you can see, these map very well to email subscriptions: you
“opt-in” to a mailing list, for example, by providing your email
address and asking to be subscribed. Similarly, you “opt-out” of a
mailing list by using whatever unsubscribe mechanism that the mailing
list provides. In either case it’s an action that you take based on
what you want to have happen.

Most confusion results from the term “double opt-in”, or more
properly “confirmed opt-in”. Where “single opt-in” would be providing
your email address and then immediately being subscribed, “double
opt-in” requires a second step (hence the “double”): you have to
respond to a confirmation message to acknowledge that you really do
want to subscribe.

“The only correct way to remove yourself from a
mailing that you originally confirmed you wanted to get is to use the
provided unsubscribe mechanism.”

Here are the steps that happen for confirmed opt-in:

  • You provide your email address somehow. Usually a simple form with a
    submit button to subscribe to a newsletter or other kind of
    mailing.

  • The mailing list provider then sends a message to that email address
    asking you to click on a link or reply to the email to “confirm” that you did indeed intend to
    subscribe.

  • Only when that confirmation is received by the mailing list service
    provider are you actually subscribed. You’ve “double-opted in”.

Double opt-in is considered a requirement these days to avoid being
labeled a spammer. The problem is that with single opt-in, no
confirmation is required. Anyone could enter your
email address in a form and subscribe you to something that you didn’t
want. Double opt-in avoids this completely by first requiring that
whoever is at that email address indicate that yes, they actually,
honestly, really, intended to subscribe.

So how does this all play out with spam?

Double Opt In: if you subscribed to some mailing,
and in particular went through the process of confirming that you
really did want to subscribe by responding to the double opt-in
confirmation request, then as long as that mailing continues to deliver
what it promised, it is not spam. The only correct way
to remove yourself from a mailing that you originally confirmed you
wanted to get is to use the provided unsubscribe mechanism. That should
be provided in every mailing. If they don’t provide such an option, or
go to great lengths to hide it, or if it fails, then you’re certainly
within your rights to use whatever means necessary.

I did include a caveat above: “as long as that mailing continues to
deliver what it promised”, and that’s important. If you sign up for a
tech newsletter, and a year later that newsletter turns into a health
and beauty advice newsletter – that’s not what you signed up for, and
it’s spam. Do what you will.

Single opt-in: single opt-in is dangerous, and to
be honest, no legitimate mailer should be using it. If you can
subscribe to a mailing without confirming, then anyone could be adding
anyone else to that mailing. To the people suddenly getting something
they didn’t ask for … well, that’s the very definition of spam.

The one exception here are businesses with whom you might be making
a transaction. For example, if you purchase something from an online
retailer, that in and of itself can be considered “confirmation” of the
relationship. Now, a smart retailer will ask if you want to get
emails not related directly to the sale. Some will be “opt-in”, where
you need to check a box saying “yes I want this” before it’ll happen.
As we’ll see in a moment, not all are.

It’s difficult to come up with a hard and fast rule about when you
should and should not consider this type of mailing spam, and that’s
what makes this so dangerous for the mailers doing so.
My take: if it’s a legitimate business you trust and have in fact
done business with in the past, then use their provided unsubscribe
mechanism.

Opt-out: We see this in software registration,
online purchases and the like. As you fill out some other form relating
to some other transaction, there’s a checkbox that says “yes, please
send me promotional email” or similar. The key is that the box is
automatically checked for you. In my opinion, that’s wrong. If
you don’t notice it, and then suddenly start getting email you didn’t expect
or actually ask for, then that’s spam. Services using this type of opt-out
process for collecting email addresses are just asking to be labeled as
spammers.

Opt-nothing: for completeness, email from people
you never heard of, from businesses you’ve never used, email you don’t
expect and never asked for: that’s the very definition of spam.

Spam is a pain, but ultimately, I think we all owe it to the people
who go the extra mile and play by the rules to not label
them as spammers, accidentally or otherwise. If they’ve:

  • Told you what you’re signing up for – perhaps even provided
    examples

  • Asked for your confirmation via double opt-in that you really do
    want it

  • Deliver what they promised, when they promised it

Then they’ve played by the rules.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

1 thought on “What do terms like "opt-in", "opt-out" and "double opt-in" mean?”

  1. Leo, you forgot to mention those who provide the opt-out very obviously, and then ignore it completely when you try to use it.

    That’s spam too.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.