When is single opt-in acceptable?

Single opt-in can work when you have robust hygiene processes compensating for the missing verification step. This includes real-time email validation (syntax checking, domain verification, known-bad address filtering), CAPTCHA or honeypot fields to block bots, and aggressive early-lifecycle suppression of bounces and non-engagers. If your backend catches most bad addresses that DOI would have filtered, SOI's friction reduction may be worthwhile.

SOI is more defensible for low-risk, high-volume scenarios where the cost of false positives from DOI friction exceeds the cost of some bad addresses. Massive consumer brands with sophisticated data operations may find SOI acceptable; smaller senders without hygiene infrastructure generally should not. B2B contexts or high-value relationships typically benefit from DOI's verification regardless of scale.

Consider jurisdiction: GDPR doesn't require DOI, but it does require proof of consent-and DOI's confirmation click creates better documentation than SOI's form submission alone. If you're ever challenged to prove consent, DOI provides clearer evidence. Single opt-in is acceptable when your hygiene systems are sophisticated enough to filter what DOI would have caught, and your legal risk tolerance accommodates weaker consent documentation.