A double opt-in is the process whereby a contact confirms their sign-up for marketing communication/membership. It turns signing up into a two-step process.
First the contact signs up, maybe at the checkout, using their email address, causing the standard preferences to be set. An email is then sent, containing a link. The contact needs to actively click this link, causing the additional double opt-in consent to also be set. Only then should they be included in any email send-out, and it's up to the Engage admin to confirm this before including them.
Why double opt-in?
Using double opt-in increases the chances that only interested customers receive marketing information. It also protects your sender reputation, since now only real email addresses will be included in send-outs.
A third reason is GDPR. As a data controller you are responsible for ensuring that you only process correct personal data, that you have a legal basis for doing so (for example consent), and that the individual concerned has been informed of the processing. This might be very difficult to ensure without double opt-in.
Double opt-in in Engage
If you are utilizing Engage’s double opt-in solution (as described on our developer site), there are important considerations to keep in mind. It's crucial to understand that the double opt-in process alone does not automatically shield a contact from further communication. It remains your responsibility to ensure that communication only occurs with contacts who have explicitly provided their consent.
Consider this scenario: Your contact base requires individuals to confirm their email address and take an action to accept communication (such as clicking a link in an email after signing up, that is, double opt-in). Two new contacts sign up for your loyalty program and receive the initial confirmation email with the double opt-in link. One contact clicks the link, confirming their consent as "true." The other contact ignores the email and, therefore, has not provided consent. Both contacts are now part of your contact base and can potentially receive both welcome emails and regular campaign send-outs.
To prevent communications to those who have not yet provided consent, it's essential to factor in the double opt-in status. There are several ways to achieve this, such as working with segments or target audiences that only include contacts with a "true" consent status. Additionally, remember to incorporate the consent criteria into your automations.
Email scanners and GDPR
Some email systems scan incoming emails and automatically access any links to confirm they are not malicious. This can cause an opt-in link in an email to be automatically "clicked" before the receiver opens it, generating a false consent. Note that it is outside of Engage's area of responsibility to guarantee that unapproved consents are not created in this way. It is always up to you as the data controller to ensure that GDPR requirements are met.
There are, however, many solutions to this problem. You can, for example, set up a landing page with a second button that must be clicked to give the actual consent. You can also use a captcha on that landing page to confirm the visitor is human, or use a client-side redirect that adds an extra required parameter to the link when it has been clicked by the user.
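The landing-page approach described above can be sketched as follows. This is an added example, not Engage code: the handler, the signed token format, the secret and the `consents` dictionary (standing in for whatever call records the double opt-in consent) are all assumptions made for illustration.

```python
import hashlib
import hmac
import html
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent in mail
TOKEN_TTL = 7 * 24 * 3600         # assumption: confirmation links expire after 7 days

def make_token(contact_id, now=None):
    """Value placed in the emailed link: contact id, issue time, HMAC signature."""
    issued = str(int(now if now is not None else time.time()))
    sig = hmac.new(SECRET, f"{contact_id}.{issued}".encode(), hashlib.sha256).hexdigest()
    return f"{contact_id}.{issued}.{sig}"

def verify_token(token, now=None):
    """Return the contact id if the token is authentic and not expired, else None."""
    try:
        contact_id, issued, sig = token.rsplit(".", 2)
        age = (now if now is not None else time.time()) - int(issued)
        sig_bytes = sig.encode()
    except ValueError:  # wrong shape, non-numeric timestamp, unencodable input
        return None
    expected = hmac.new(SECRET, f"{contact_id}.{issued}".encode(),
                        hashlib.sha256).hexdigest().encode()
    fresh = 0 <= age <= TOKEN_TTL
    if not hmac.compare_digest(sig_bytes, expected) or not fresh:
        return None
    return contact_id

def handle_confirm(method, token, consents):
    """Hypothetical handler for the link target. Following the emailed link
    (a GET) only shows the button; consent is written on the POST it submits."""
    contact_id = verify_token(token)
    if contact_id is None:
        return 400, "Invalid or expired link"
    if method == "GET":
        # A scanner that merely follows the link ends up here: nothing is stored.
        field = f'<input type="hidden" name="token" value="{html.escape(token)}">'
        return 200, f'<form method="post">{field}<button>Yes, sign me up</button></form>'
    if method == "POST":
        consents[contact_id] = True  # recorded only when the button is pressed
        return 200, "Subscription confirmed"
    return 405, "Method not allowed"
```

A captcha check, if used, would go in the POST branch before the consent is recorded.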