Email spam is about to get way worse, and you can blame MailChimp

mailchimp double opt in spam mail chim feat

Do you have a problem with spam?

I do, but perhaps not the one that you imagine.

You see, the anti-spam system I have in place does do a pretty good job of siphoning away offers to purchase fake doctorates, malware posing as attached invoices, and emails in Cantonese or Russian that are trying to sell me… well, I don’t know what they’re trying to see me as I don’t speak those languages.

But what’s more difficult to filter out are the legitimate newsletters that bombard my inbox.

Newsletters that I never signed-up for.

When you’ve been doing what I do as long as I have there are inevitably some folks who end up not liking you. Some of them might be online criminals, others may be folks who are upset about something I said on Twitter.

And a small number of these people might think it’s worth their effort to sign up my publicly-available email addresses to hundreds, no… thousands of legitimate newsletters and mailing lists that I have no interest in.

I’m not the only one who has suffered from these kind of “email bomb” attacks – which are the equivalent of a denial-of-service attack on your inbox.

The only saving grace is that the better-managed newsletters ask you to confirm that you really really want to receive emails from them. They do this by sending a single email – normally with a clickable confirmation link – to the email address entered on their subscription form.

If you don’t respond to the confirmation email, you don’t get any follow-up emails. That’s how things are supposed to work. And it’s called double opt-in.

But when it comes to the benefits of double opt-in, don’t just take my word for it.

Here’s what MailChimp, a service that I and millions of others around the world use to send out email newsletters, was saying until quite recently:

MailChimp double-opt in

Double opt-in adds a layer of confirmation to your signup process before adding new subscribed contacts to your list, and it has three main benefits compared to single opt-in.

  • Protection against spambots, email scams, and fake subscribers, which could increase your monthly benefit rates.

  • Assurance of valid email addresses, confirmation that your subscribed contacts want to hear from you, and an archived record of the subscriber’s consent.

  • Higher campaign open rates, and lower bounce and unsubscribe rates.

All very sensible. And a good example of why, in the past, I have recommended MailChimp to organisations and individuals wishing to send out legitimate email newsletters.

Only problem is… after years of protecting internet users from unwanted newsletter subscriptions, MailChimp has had a change of heart.

Last week it quietly (I only found out by logging into my account, I never — ironically — received an email advisory from them) revealed that it would be switching its customers’ mailing lists to “single opt-in” rather than “double opt-in.”

mailchimp double opt in spam change

What does that mean? It means that subscribers won’t have to confirm that they really really want to receive a newsletter. Which means that any toerag can enter your email address for a newsletter run on MailChimp’s systems that you don’t want and the onus will be on you to unsubscribe.

And MailChimp has, of course, removed the wording on its website about why double opt-in is a good thing that reduces unwanted emails and means that MailChimp users benefit from lower billing rates.

And how come MailChimp decided to change customers’ settings, and only gave them until October 31st to choose to stay with double opt-in going forward. Seven days notice is a ridiculously short amount of time, for a number of reasons – including that many of us have already got processes in place that tell subscribers to await a confirmation email, and explain how we require confirmed opt-in to avoid spam sign-ups.

You won’t be surprised to hear that many folks were less than impressed with MailChimp’s decision.

All of this adds up to one conclusion: MailChimp has gone bananas.

Evidence that MailChimp has simply not thought through this switch to the ghastly single opt-in model becomes ever more clear when you consider that double opt-in is necessary in the European Union as a proof of consent under GDPR and expressly required in Germany.

As MailChimp acknowledges in their latest pronouncement on their issue, they were completely clueless about the implications of what they were doing.

Well, they don’t quite say that. But it does appear that they’ve realised that what they tried to do might have ummm.. some legal implications:

“We made this decision after receiving a lot of feedback from EU customers who told us that single opt-in does not align with their business needs in light of the upcoming GDPR and other local requirements. We heard you, and we’re sorry that we caused confusion. Customers located in the EU will receive an email from us today to let them know how we’ve changed the plan.”

“Please know we are committed to helping our customers get ready for the GDPR. Double opt-in provides additional proof of consent, and we suggest you continue using double opt-in if your business will be subject to the GDPR.”

(By the way MailChimp, I still haven’t received the first email – let alone the one you promise here)

So, MailChimp is turning around for lists run by European firms at least – we’ll stay as double opt-in by default.

Not that this necessarily avoids the GDPR issue however. As Marcus Bointon explained on Twitter:

That means that American businesses using MailChimp, for instance, need double opt-in if they wish to send newsletters to European citizens. Back to the drawing board MailChimp!

And you know what? MailChimp hasn’t resolve my problem just by not switching my mailing list to single opt-in. Most MailChimp mailing lists are being switched to single opt-in, which means they will be used for email bombs, and their owners will end up paying MailChimp more money each month for all of those extra unapproved subscribers.

I complained publicly and privately, and was disappointed with MailChimp’s response.

As someone who has used and recommended MailChimp for *years* I feel massively let down by them.

Changing the settings for my own mailing list (which of course, I did) isn’t actually a solution. Sure, it stops toerags using my newsletter as an email bomb but it doesn’t stop many more MailChimp-run mailing lists switching to a system that will increase the amount of unwanted emails flying around the internet.

I can no longer recommend MailChimp. And with no other options available to me, and a company that seems unprepared to listen to its aggrieved users, the only thing I can do is switch mailing list provider and close my account.

They’ve got a few weeks to see the light and then I’ll be off.

To hear more about the MailChimp debacle, be sure to check out this edition of the “Smashing Security” podcast:

Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.


I tried an LTE laptop for a month, and I wasn’t really convinced

LTE laptops offer up plenty of benefits and are becoming more common. After spending one month with one in my daily life in New York City, I really wondered if it is something that consumers really need in their lives.

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.

Google Translate updated to reduce gender bias in its translations

Google is changing how Google Translate offers translations. Previously when you entered a word like doctor, Translate would offer a masculine interpretation of the word. Now, Translate will offer both masculine and feminine versions.

Encryption-busting law passed in Australia may have global privacy implications

Controversial laws have been passed in Australia which oblige tech companies to allow the police to access encrypted messages, undermining the privacy of encryption with potentially global effects.

Can Microsoft’s Airband Initiative close broadband gap for 25M Americans?

A new report from the Federal Communications Commission (FCC) says that 25 million Americans do not have access to broadband internet. Of these, more than 19 million are living in rural communities. Can Microsoft help out?

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.

Google+ continues to sink with a second massive data breach. Abandon ship now

Google+ was scheduled to shut its doors in August 2019, but the second security breach in only a few months has caused the company to move its plan forward a few months. It might be a good idea to delete your account sooner than later.
Social Media

‘YouTube Rewind 2018’ is about to become its most disliked video ever

YouTube is about to achieve a record it really doesn't want — that of "most-disliked video." Yes, its annual recap of featuring popular YouTubers has gone down really badly this year.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

5G: Why everything is about to change

Curious about the many ways 5G will change and enrich your life? Here’s our guide to all things 5G.

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.