Taking one step forward and two steps back with the spam problem

Just as it seems we’re getting a handle on soaring levels of spam emails a key tool is changed for the worse

By the end of Q3 this year, just under 60% of email was deemed spam. That’s almost two in every three emails being a nuisance, or potentially dangerous to global email users. Businesses really don’t want to contribute to the problem by creating “noise” in people’s inboxes, instead we want to focus on improving deliverability and ensuring our customers receive relevant communications from us.

Most companies, and in particular marketers, rely on bulk email services to manage the distribution of our email messages, and until now, we’ve had one provider in our corner, doing its best to reduce unnecessary emails flying about the internet.

Monkeying around with email

However, in October, MailChimp, had a change of heart about its opt-in settings for subscribing to emails, moving from a double opt-in process, to a single.

So what does this mean? By changing subscription settings to a default single opt-in, a person now only needs to enter an email address and click subscribe to join a MailChimp list. Compare this to the double opt-in method — where a subscriber had to verify they wanted to subscribe via responding to one-off email they received — and you can see why “spam” email volumes may quickly increase.

The omnipresent GDPR

Needless to say by removing this verification process, people weren’t happy. Double opt-in is a necessity to prove consent was actually obtained from an email address owner under the upcoming GDPR regulations. MailChimp’s change provides an array of possibilities for hackers and bots to easily access newsletter subscriber lists, meaning you could see hundreds of new emails in your inbox daily. Facing backlash in Europe specifically, the company decided that if the primary contact address was in the EU then existing forms would remain double opt-in. Great news for .co.uk email addresses, but what about users of Gmail where it’s difficult to determine location?

An e-mail u-turn

The incident brings to light the ever present dangers facing email security today, as well as the battle that so many brands face with email deliverability. MailChimp argued that double opt-in rates have slipped to 39% and that consumers no longer expect this step. While this may be true, the industry trend hurts privacy and security and goes against what the service had previously stated about the importance of authentication.

It wasn’t so long ago that MailChimp lauded double opt-in as a safeguard against bots, scammers and everything in between. This new default behavior does quite the opposite, and although opt-in will increase in the short term, longer term organisations using MailChimp will likely face an increased number of people unsubscribing from email lists. Furthermore, we’re likely to see spam rates soar as a consequence. Single opt-in enables spam bots to plug your email address into any number of sign-up lists and and in effect, DDoS your mailbox.

There’s very little that users and security advocates can do about this — taking a corporate stand and dropping the email provider is one option, but in an industry where double opt-in is a rare practice, how easy is this option? We’d love to hear your thoughts on the MailChimp saga, or indeed any spam-related news — team@ondmarc.com.


Clare Holmes

27 Nov. 2017



Recent Posts


Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more

Red Sift ASM & Red Sift Certificates: the missing link in your…

Billy McDiarmid

According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having…

Read more

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more