SocialWe recently announced that Mailchimp now supports single opt-in signups directly from our forms. This sparked a lot of discussion around email deliverability—some expected, some surprising.
As Mailchimp’s deliverability lead, I appreciate when users care about how these systems work. Building a strong list is essential to reaching the inbox, and we’ve developed powerful tools to support both. While we’ve put considerable effort into making single opt-in safer, we haven’t always explained how. So here’s how we’re protecting your list—and your inbox success.
How We Safeguard Sending Reputation
A top concern around single opt-in is its impact on sending reputation. Here’s how we address that.
We operate a pool of over 7,000 shared IPs. Maintaining a strong reputation across all of them is a priority. We don’t segment poor-performing IPs—we focus on delivering reliable performance across the board. Nothing about our thresholds or how we support list quality has changed. But it helps to know how we prioritize your best subscribers.
Highly engaged subscribers—those with 4 or 5 stars—always receive emails from our highest-performing IPs. These IPs are clean, with minimal bounces and abuse complaints. Whether your list was imported, created via forms, or uses single or double opt-in, those subscribers get the best delivery.
We group IPs into good, better, and best—mapped to 2–3 star, 4 star, and 5 star subscribers. Every subscriber starts at 2 stars and earns more with consistent opens and clicks. Our conservative algorithm ensures that 4- and 5-star subscribers are truly active, but even the lower tiers perform well as a group.
On our delivery page, you’ll find our Sender Score, bounce rates, and delivery times across major ISPs. Much of our low bounce rate success comes from real-time abuse prevention systems that analyze all lists continuously.
Addressing the Bot Problem
Another major concern is bots. Anyone managing a form knows how bots submit fake addresses or spam legitimate ones—sometimes thousands of times over. These attacks, known as “subscription bombs” or “list bombs,” can wreak havoc.
Double opt-in offers some protection: a confirmation email is sent, but unless the recipient clicks it, the address won’t join your list. Still, that unwanted confirmation email can annoy recipients, and it doesn’t completely solve the issue.
To combat multi-list and single-list attacks, we’ve implemented throttling systems. They prevent a single email address from being added to too many lists in a short span and reduce the frequency of submissions to a single list. These apply to both single and double opt-in forms.
The key difference? With single opt-in, a targeted email address receives a welcome email and is added to your list immediately. With double opt-in, they only get added if they confirm. While throttling helps, it’s not foolproof.
That’s why we strongly recommend enabling reCAPTCHA. It’s already built into all our hosted forms. For embedded or pop-up forms, you can enable it in list settings. Unlike throttling, which activates after a few submissions, reCAPTCHA prevents bots from getting through in the first place.
How Things Have Evolved
A decade ago, I hated pop-up forms. They were clunky, disruptive, and as annoying as flashing marquee text. But times have changed. Pop-up forms today are more elegant and better timed. Like them, the tools for implementing single opt-in have matured.
Double opt-in remains a solid way to build high-quality lists. But marketers today have access to newer tools that let them use single opt-in effectively without compromising list health. At Mailchimp, our defenses have grown stronger, and our approach more refined.
Our mission is to help small businesses grow. Single opt-in forms, paired with smart deliverability infrastructure, offer a scalable solution for businesses looking to expand. Our Deliverability team has been part of the decision from day one, and we’re confident this gives small businesses more flexibility to build strong, engaged lists.
