Monday, 18 December 2017

Mailchimp change to single opt-in. What does it mean for the GDPR?

Why has Mailchimp changed from double to single opt-in on sign-up forms?


If you use Mailchimp to manage your email lists and have a double-opt in sign-up form, you'll have had a notification telling you that your sign up form is going to switch to a single opt-in, unless you take steps to keep it as double. 


Who does it effect?

It's supposed to only impact Mailchimp users with primary contact addresses inside the USA. However, we know of companies (ourselves included) with a primary address in Europe who have had subscription double opt-in settings switch to single. 


What should I do? Should I care? 

First off, don't assume that because you're based in Europe you won't have been affected. Mystery-shop your site and check if your sign-up process is broken.  If you're not double-opting in within Europe you're working outside the data protection laws and setting yourself up for a problem with GDPR.  If your list process has changed and you're letting people sign-up with a single opt-in, you'll need to change your Mailchimp sign-up form process back to double..at the double! (You do that on the List name and defaults page).

And 'yes', you should care. If you're in Europe and you're not double opt-ing in you're breaking the law. If you're outside Europe but your subscriber lists include European citizens you will be breaking the General Data Protection Regulation when it comes into force on May 25 2018.

You should also care if you use double-opt in as a way to filter bots and spam sign-ups from your list. Your door is now open and although Mailchimp will spot spam-sign up patterns and slow things down to prevent your list being oversubscribed by spammers, do yourself a favour and revert to double opt-in if the thought of spam bots keeps you awake at night.


Why has Mailchimp changed the sign-up process?

Nobody can see inside another company, but Mailchimp are a pretty straightforward bunch of people who share thoughts out loud and we can also make some pretty good, educated guesses about the reasons they don't chat about.

Sender reputation is massively important: 61% of double opt-in emails aren't opened

Mailchimp sends billions of emails each year and needs to have an impeccable IP reputation. Sending double-opt in emails that never get a response will drag down an IP reputation as open rates will be low. Only about 30% of double opt-in emails are opened, so switching to single-opt in makes the process quicker for subscribers and better for Mailchimp. 

Mailchimp is clear about the fact that all users are equal and access to IP addresses isn't filtered with those who pay more getting access to the IP addresses with best sender reputation. However, they're also clear about the fact that they categorise their IP addresses in relation the reputation of the subscriber. So your laggard subscribers who don't engage with you much will receive emails from a 'lower' IP address than those who open everything you send out. 


What's this got to do with single-opt ins? 


Mailchimp is looking after it's IPs. It has over 7,000 IP addresses by changing policy to remove many, many unopened emails. According to Mailchimp's own figures, about 61% of double-opt in emails don't get opened. So part of this change is likely to be some housekeeping that will have an overall positive effect on it's IP reputations. There isn't a limitless supply of IP addresses, it takes a while to warm up new ones and develop good sender reputations so Mailchimp is being sensible in looking after the ones its got. It will also save money in processing and storage - which is never a bad thing.

Also, let's consider what's been happening recently in the USA relating to email addresses. We've had massive data leaks, instances of disposable emails being used in combination with personal data to 'vote' on key issues fraudulently and let's not even get into whether emails and social media were used wrongly in the election campaign! Maybe (remember, we don't know and we're not saying this is the case - we're just making educated guesses) just maybe Mailchimp is doing some housekeeping in order to prompt users to freshen up lists, weed out the dead wood and keep it's systems watertight and prevent future email problems.

We've also got a hunch that a benefit of this massive change will be for Mailchimp to get into more dialogues with customers that will help shape some more, new, cool stuff in the future. On which note, Mailchimp has been popping more pop-up forms into it's newsletters. Pop-up forms work best as a single-opt in mechanism, so this move to single-opt in will also help businesses sign up more subscribers and ultimately sell more stuff. 


Finally, we reckon that Mailchimp's email filtering system, 'Omnivore' has developed enough to be a reliable screen for Mailchimp to be able to filter out spammy sign-up attempts from single-opt in sources. You can read more about that here in a developer article in the Mailchimp Blog.

Will my sign-up process break?

It shouldn't. But you ought to check. We had a couple of lists with low activity levels on free user accounts that have just disappeared.#justsaying 

Think about why you were using double-opt in in the first place. If it was to keep spam off your email list then take the advice of Mailchimp and enable a reCAPTCHA step in single opt-in processes. (You can do that in your List settings). 

My sign-up changed to single opt in. Do I still comply with GDPR?

Nope. Not if you've got email addresses on your list from Europe, or if you operate in Europe. You need to use double opt in. 


Actions to take as a result of Mailchimp's single opt-in change


  • Test your sign-up process, don't assume you aren't affected
  • Revert to double-opt in if the new European General Data Protection Regulation impacts you
  • Enable a reCAPTCHA stage if you decide to stick with single-opt in
For further reading, lose yourself in Mailchimp's Knowledge Base and blog and learn more about GDPR. 


No comments:

Post a Comment

All posts are moderated to filter out link spam.