Taking one step forward and two steps back with the spam problem

Just as it seems we’re getting a handle on soaring levels of spam emails a key tool is changed for the worse

By the end of Q3 this year, just under 60% of email was deemed spam. That’s almost two in every three emails being a nuisance, or potentially dangerous to global email users. Businesses really don’t want to contribute to the problem by creating “noise” in people’s inboxes, instead we want to focus on improving deliverability and ensuring our customers receive relevant communications from us.

Most companies, and in particular marketers, rely on bulk email services to manage the distribution of our email messages, and until now, we’ve had one provider in our corner, doing its best to reduce unnecessary emails flying about the internet.

Monkeying around with email

However, in October, MailChimp, had a change of heart about its opt-in settings for subscribing to emails, moving from a double opt-in process, to a single.

So what does this mean? By changing subscription settings to a default single opt-in, a person now only needs to enter an email address and click subscribe to join a MailChimp list. Compare this to the double opt-in method — where a subscriber had to verify they wanted to subscribe via responding to one-off email they received — and you can see why “spam” email volumes may quickly increase.

The omnipresent GDPR

Needless to say by removing this verification process, people weren’t happy. Double opt-in is a necessity to prove consent was actually obtained from an email address owner under the upcoming GDPR regulations. MailChimp’s change provides an array of possibilities for hackers and bots to easily access newsletter subscriber lists, meaning you could see hundreds of new emails in your inbox daily. Facing backlash in Europe specifically, the company decided that if the primary contact address was in the EU then existing forms would remain double opt-in. Great news for .co.uk email addresses, but what about users of Gmail where it’s difficult to determine location?

An e-mail u-turn

The incident brings to light the ever present dangers facing email security today, as well as the battle that so many brands face with email deliverability. MailChimp argued that double opt-in rates have slipped to 39% and that consumers no longer expect this step. While this may be true, the industry trend hurts privacy and security and goes against what the service had previously stated about the importance of authentication.

It wasn’t so long ago that MailChimp lauded double opt-in as a safeguard against bots, scammers and everything in between. This new default behavior does quite the opposite, and although opt-in will increase in the short term, longer term organisations using MailChimp will likely face an increased number of people unsubscribing from email lists. Furthermore, we’re likely to see spam rates soar as a consequence. Single opt-in enables spam bots to plug your email address into any number of sign-up lists and and in effect, DDoS your mailbox.

There’s very little that users and security advocates can do about this — taking a corporate stand and dropping the email provider is one option, but in an industry where double opt-in is a rare practice, how easy is this option? We’d love to hear your thoughts on the MailChimp saga, or indeed any spam-related news — team@ondmarc.com.

PUBLISHED BY

Clare Holmes

27 Nov. 2017

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Thought Leadership

How the EU can mandate for stronger email security

Antony Seedhouse

Executive summary: The article examines how the EU can proactively close email security gaps by leveraging the NIS2 Directive to mandate robust, harmonized standards like DMARC, DKIM, and SPF across all member states. By acting now, the EU not only protects its digital ecosystem but also sets a global benchmark for cybersecurity best practices.…

Read more
News

Europe’s #1 for DMARC: Red Sift OnDMARC does it again

Francesca Rünger-Field

G2’s Summer 2025 Report has landed, and we’re proud to share that Red Sift OnDMARC remains the #1-rated DMARC solution in Europe. This marks another strong season for OnDMARC, with continued recognition across G2’s category reports. We were featured in 18 reports this quarter, taking top spots in the Mid-Market Results Index and Mid-Market…

Read more
Cybersecurity

Healthcare and cybersecurity: 73% of breaches lack DMARC enforcement

Faisal Misle

The healthcare sector has become a target for both low-level and occasionally spectacularly successful cyberattacks. Hospitals, insurers, medical supply chains, service and medical providers are prime targets for threat actors, with email phishing attacks, ransomware, and data breaches on the rise. In 2024, 94% of U.S. healthcare organizations experienced a cyberattack, with the average…

Read more
BIMI

VMC and CMC: What are the new requirements?

Jack Lilley

Executive Summary: Staying updated on Verified Mark Certificates (VMCs) and Certified Mark Certificates (CMCs) is crucial for organizations aiming to authenticate their logos and enhance brand trust in email communications. Discover the key changes in the latest security requirements and compare the differences between VMCs and CMCs.​ This article: Introduction Verified Mark Certificates (VMCs) and…

Read more