I can no longer recommend MailChimp (grahamcluley.com)
224 points by svacko on Oct 31, 2017 | 146 comments

From MailChimp's second post[1]:

> More and more business owners are bringing up double opt-in. What they’ve been saying is that double opt-in is not an easy journey for their customers. Some go so far as to say that double opt-in is “broken.”

I would go so far as to say if customers cannot be bothered clicking one confirmation link in an email, they didn't really care about your newsletters.

[1] https://blog.mailchimp.com/why-single-opt-in-and-an-update-f...

If it isn't confirmed opt-in, it's also possible your subscribers didn't even sign themselves up.

Side note: Anyone who calls it double opt-in has a whiff of 'spammer' to them even if they're not. Confirmed opt-in is a more accurate term as without that confirmation click in the initial email, there's a chance the subscriber didn't sign themself up. There are quite a few 'email bomb' services that will sign a target email up for 1000s of 'single opt in' newsletters.

This, and typos from people who can't quite spell their email address. We don't call username + password "double login" and username without password "single login" for the same reason.

I even use the term "double opt-in" when ranting at companies that don't use it. I guess I'll switch terms to confirmed opt in, but I'd never heard of it until today, so I'd be careful with that brush.

If you were around and doing legit email newsletters 15 years ago or doing antispam configurations, the term was 'confirmed opt in' or 'verified opt in'. Email marketing firms schemed to use 'double opt in' to make it seem more onerous and draw attention away from the fact that 'single opt in' meant 'unverified opt in' that was vulnerable to email bombing utilities. Sadly, as the email marketing firms do most of the talking about it these days, many people only know the term 'double opt in'. But for folks like me that were both advising legit businesses on email newsletters and working with ISPs to block spam, 'double opt in' always harkens back to the code spammers or spammer-adjacent folks used.

I'm curious, how does the law, for example in Germany where it is required, call double opt-in/confirmed opt-in?

Most pieces in English are using the terminology they use for other things. So, email marketers call it 'double opt in' and privacy activists and anti-spammers call it COI.

Anecdata: Have handled sign up forms with double opt-in for many companies in Germany for over 10 years and have never read "Confirmed opt-in", everyone uses "Double Opt-in" to mean "input email, get confirmation mail, no further emails sent until confirmation link clicked".

BTW, the German Wikipedia page lists the term, but the paragraph confuses me a little as it has it exactly backwards as was just mentioned:

"The 'double opt-in procedure' must be distinguished from 'confirmed opt-in'. With 'confirmed opt-in', a confirmation email without a confirmation link is sent to the registered email address. The consumer would have to object to this email in order not to receive unwanted advertising. The term is sometimes misused by spammers. Some spammers claim to practise 'confirmed opt-in' when a new recipient of a newsletter subscription is sent an email after signing up that points out the subscription just made and tells them how to cancel it."

(feel free to google translate the blurb, translation's ok)
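The sign-up flow this thread keeps returning to ("input email, get confirmation mail, no further emails sent until confirmation link clicked") can be sketched as below. This is an added example, not part of the original thread and not MailChimp's code; the class name, the two time limits, the key and the example.com addresses are all assumptions made for illustration.

```python
import hashlib
import hmac

CONFIRM_TTL = 48 * 3600      # assumed lifetime of a confirmation link, in seconds
RESEND_INTERVAL = 24 * 3600  # assumed minimum gap between confirmation mails per address


class ConfirmedOptInList:
    """Mailing list that only mails addresses whose owner clicked a signed link."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}       # address -> time the last confirmation mail was sent
        self.confirmed = set()  # addresses that proved control of the mailbox
        self.outbox = []        # (recipient, kind) tuples standing in for real mail

    def _sign(self, address: str, issued_at: int) -> str:
        # The signature binds the token to one address and one issue time.
        msg = f"{address}|{issued_at}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def request(self, address: str, now: int):
        """Handle a form submission. Returns the token placed in the link, or None."""
        address = address.strip().lower()
        if address in self.confirmed:
            return None
        last = self.pending.get(address)
        if last is not None and now - last < RESEND_INTERVAL:
            # Repeated submissions for the same address produce no further mail,
            # so the form itself cannot be used to flood a mailbox.
            return None
        self.pending[address] = now
        self.outbox.append((address, "confirmation"))
        return f"{now}.{self._sign(address, now)}"

    def confirm(self, address: str, token: str, now: int) -> bool:
        """Handle a click on the confirmation link."""
        address = address.strip().lower()
        issued_str, _, sig = token.partition(".")
        try:
            issued_at = int(issued_str)
        except ValueError:
            return False
        expected = self._sign(address, issued_at)
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return False  # forged, tampered, or issued for another address
        if now - issued_at > CONFIRM_TTL:
            return False  # link expired
        if address not in self.pending:
            return False  # never requested, or already used
        del self.pending[address]
        self.confirmed.add(address)
        return True

    def send_newsletter(self):
        """Mail only confirmed addresses; pending ones receive nothing."""
        recipients = sorted(self.confirmed)
        self.outbox.extend((r, "newsletter") for r in recipients)
        return recipients


if __name__ == "__main__":
    # Constructed scenario: one real subscriber, one address typed in by someone else.
    lst = ConfirmedOptInList(b"constructed-demo-key")
    t0 = 1_700_000_000
    token = lst.request("alice@example.com", t0)
    for i in range(3):
        lst.request("victim@example.com", t0 + i)
    lst.confirm("alice@example.com", token, t0 + 60)
    print("newsletter goes to:", lst.send_newsletter())
    print("mail sent to victim:", [k for r, k in lst.outbox if r == "victim@example.com"])
```
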

I used Mailchimp to collect email addresses for a beta user waitlist in 2015. I eventually used a work-around to disable double opt-in because so many users had signed up, never clicked the confirmation email, and were then confused why they never received access to our product when others had.

As a user I also prefer single opt-in. If I sign up for something, I want to be signed up. Clicking confirmation links is an annoying extra step.

Here's the thing, though.

As a user, if I start getting your mailing list emails because someone else decided to sign me up and there was no confirmation, I'm going to mark it as spam.

That should be a minimal number of cases, reduced further by having a big clear one click unsubscribe option.

It always amazes me the businesses that make unsubscribing difficult. That is the real way to get placed in spam.

I'm not clicking an unsubscribe button on something I didn't subscribe to. I have no way of knowing if it will unsubscribe me or if it will tell the sender "Hey guys! This is a real email address! Send him more spam!"

Clicking unsubscribe isn't the only way to know if the email is good. If your email client loads images then it will be known if you opened the email which will also give your IP, geolocation, device type, client name, user agent, etc.

Depending on your email provider if you mark it as spam that could also be known by the sender if your provider supports the complaint feedback loop.

Here are the docs to see what info is available when sending through mailgun.


Most clients don't load images by default. The big providers (gmail and the like) certainly don't.

With Gmail's web interface, it's more complicated than that. Images are loaded by default, but only through a proxy: Google's servers go fetch the image for you and then serve you the image. They only do this once you open the email. So you do leak whether you opened the email, but not your IP address, browser headers, etc. Here's a blog post from 2013 about it: https://blog.filippo.io/how-the-new-gmail-image-proxy-works-...

That's what I've always heard and I can only speak to my personal experience on this, but we track open rates on our marketing emails and have a 36% open rate historically. I'm sure this isn't everyone who is opening them as some percentage have images disabled, but to me this says that a large percentage of our clients do have images enabled as I doubt our actual open rate is tremendously higher than what we are seeing reported.

...or worse: send you to an infected URL and pwn you

Should, but isn't. I have idiots who think they have my email address sign me up for shit constantly. Don't put the onus on me to unsubscribe from some scammy crap. I've never forgotten to opt in to something I actually wanted, so the "minimal number of cases" actually applies to double-opt-in being hard. The frequent use case is stupid or malicious people spamming me with a list owned by an irresponsible owner. Which is now turning into "every MailChimp list owner except those who actively opt out of this crappy system." Ironic.

I don't care how clear the unsubscribe option is, if I didn't specifically subscribe, it gets marked as spam and reported.

Why would that be minimal? If I’m your competitor, I’m going to sign up my colleague, and have him report you for spam. And I’m going to loop this until you lose your mailing privileges.

Too late, enough businesses have screwed up the unsubscribe system that now I mark every mail as spam and let the spam filters take care of it.

I don't care if the unsubscribe links works or not, I already have a faster path.

Does anyone trust the unsubscribe link in apparent spam, though?

I'm pretty sure clicking the unsubscribe button says "hey, this email address you obtained is real and active!"

That feels very "20 years ago" to me. They've got plenty of other ways. Don't get me wrong, I'm a bit careful with them but because I'm used to being signed up to lists by a handful of stupid people who don't know their email address, I can basically anticipate what regions of the world my spamlists will come from, and I generally have a good feel for what's legit or what's not. I use the unsubscribe link often for these things.

Many less technical folks do. If I never signed up, I'm absolutely not clicking an unsubscribe link.

that never happens though

There is a guy who has a name similar to mine, who tends to enter my email address everywhere. So best case I just get his signup mails (multiple times because he doesn't understand why he doesn't get them). Worst case I'm signed up for yet another spam list.

They better not be complaining that their reputation is bad because I keep reporting their unconfirmed junk.

If clicking a link is too hard for you, tough.

I have to say I welcome the double opt-in. There have been too many purchases online where I was signed up for a newsletter I did not ask for.

That is not a problem of Mailchimp, it's a problem of culture and "best practices". It's really annoying and it became annoying long before this change.

I receive lots of such emails not only from Mailchimp. At least Mailchimp has one-click unsubscribing, most custom-built mailing list systems don't have it, requiring to log in or just not working.

The problem with Mailchimp is:

- Spam filters work mediocre, despite AI hype. I think they are still based on linear regression on bag of words or something like that. Instead Gmail blocks your server if it sends mail for the first time instead of being a large company's server that already sent 1e100 emails.

- Mailchimp exploits this. You can't send email on your own and have to buy their service. It also spreads additional FUD that you must use it, otherwise all your mail goes to spam.

- Gmail treats Mailchimp as privileged sender so if I mark promotional emails from hottest startups as spam, new similar emails are not sent to spam folder.

- Hottest startups know this and subscribe you to all their mailing lists each time they got your email.

> most custom-built mailing list systems don't have it, requiring to log in or just not working

Does this violate CAN-SPAM?


> You can’t ... make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request

It's sometimes grey. One example I can give is Expedia, which provides me with a monthly 'Your [Month] Statement is Ready'-type of thing, even though I've maybe used the service once in my life to buy airplane tickets. You can't unsubscribe since it's not 'marketing' and e-mailing support didn't help either. Yet, it's marketing, because they offer promotional links ("earn free yadda yadda") and have Citi advertising below it.

Another one is 'Oh, wow, you've been getting some profile views!' that LinkedIn and others like to do. That's indirect promotion of their services. Couched as a reminder.

Today, after not logging into Facebook for a while, received an e-mail that someone commented on their profiles. Another of the same.

It can be argued that these are all a form of promotion, but this would take a less-business-friendly political climate to accomplish, if you ask me.

LinkedIn has been one of the most infuriating CAN-SPAM violators for years. So many startups do too. "Growth hacking" is probably a net negative to society based on all the spam it produces.

Facebook themselves require you to log in to unsubscribe from emails. If you've disabled or deleted your account, you still get spammed daily, and there's quite literally zero way to unsubscribe.

If you’re on Gmail, you should mark it as spam, that’s what it is. You’ll also end up blocking that address.

If you run your own email server, black hole the Facebook.com domain.

I think most of Facebook's email comes from facebookmail.com.

"if people start to complain about it, we'll just say we didn't know and that we're sorry"

-- my former boss

CAN-SPAM only applies to promotional/marketing emails.

One workaround is to use disposable email addresses when signing up to anything online, like https://forward.cat

As I run my own mail server, what I do is always create an alias, usually named after the website I subscribe to. Like expedia@mydomain.com for example.

This way I can stop unwanted mail if unsubscribe doesn't work by deleting the alias.

It also helps to see who is selling your email.

For example, some years ago, I had the problem with bitdefender, as I subscribed as a reseller (!). I explained what I thought about it to my sales representative, who couldn't find a decent explanation. And stopped selling their product. And destroyed the alias.

Why not spamdecoy.net? It does the same thing and you never give your real email to anyone (though forward cat is open source so it's probably ok), and you don't have to set up anything before you use the temporary email.

> (though forward cat is open source so it's probably ok)

Curious about this - how can you have an 'open-source' service? I'm not compiling or running the software, and I have no idea what their software is actually doing because there's no way to verify that it's the same as what's been open-sourced...

tempmail.de (http://tempmail.de/) does not ask you for your real email address

Is this going to affect MailChimp's deliverability? It seems like it would, my understanding is the reason most relays and blacklists are so lenient with MailChimp is exactly because of their double opt-in policy.

Looks like they're ultimately throwing their long-term business under the bus for a short burst of extra cash.

Absolutely it will.

If you use MailChimp and care about deliverability, I would recommend you begin looking at alternatives (if you haven't already).

Don't most other providers already do single opt-in by default already anyway? Really, MailChimp is just sinking to their level. It's not all of the sudden worse than alternatives, right?

> Don't most other providers already do single opt-in by default already anyway?

Yes, most others have already switched to single opt-in.

> It's not all of the sudden worse than alternatives, right?

No, they aren't all of a sudden worse than the alternatives. They were already worse and they're certainly not going to improve as a result of this change.

I manage several e-mail servers and will be watching very closely -- even more so than usual -- the amount of spam coming from MailChimp. I usually start out by blacklisting individual IP addresses but if this becomes a big problem, I will simply blacklist them entirely and be done with it.

I've had two "incidents" in the last week or so with MailChimp that they have shown little interest in "fixing" (unrelated to this change) so I'm already inclined to do exactly that.

I suggest the same dirt will attach to one's reputation if using Mandrill or Tinyletter, both of which are Mailchimp subsidiaries and share outbound address ranges.

I'd assume so. More potential fake "subscribers" mean more bounced email and higher volumes which could be used as an early warning indicator for spam or reputation flagging. Slightly related, but I've noticed countless delivery issues with Mandrill, Mailchimp's transactional service. Their portal claims messages have been delivered, but many organizations relay back to us that their message never made it past the mail gateways.

It makes me wonder if they are trying to goose their revenue in order to sell the company sometime in 2018.

> And a small number of these people might think it's worth their effort to sign up my publicly-available email addresses to hundreds, no... thousands of legitimate newsletters and mailing lists that I have no interest in.

People do that to my email, too, but they call themselves "growth hackers".

"double opt-in" is a term I'm used to hearing in a pejorative way from the pro-spam side. The anti-spam side calls it "confirmed opt-in" which I think is a more accurate description.

Anyone calling it 'double opt-in' has the whiff of being a spammer even if they aren't one. If you're not checking that the subscriber clicked the "yes I want this" link in the email, anyone can subscribe anyone they want to your mailing list. There are tons of 'email bomb' services that will 'subscribe' a target to 100s or 1000s of newsletters that don't confirm opt-ins.

> Anyone calling it 'double opt-in' has the whiff of being a spammer even if they aren't one.

Wow, I'm kinda surprised to hear that because I manage several e-mail servers (for thousands of users) and I am about as anti-spam as one can be. I'm certainly way more aggressive in spam filtering than most others I know.

I run my own RBLs (shared across several different systems); I have spamtraps and keep a handful of domains registered solely for that purpose; I do tarpitting; I will blacklist domains and IP addresses -- or ranges of addresses -- at the drop of a hat; and much more.

Until reading this thread today, I have never even heard the term "confirmed opt-in". "Double opt-in" is what I've always heard it referred to as and so that's what I've always called it. As I said, I'm about as opposite of a spammer as one can be.

You should be careful about making such broad generalizations or accusations.

Years ago, email marketing companies schemed to use the phrase 'double opt-in' to make the process seem more onerous ('ugh, double the work is so unnecessary, right?') even though the original term was 'confirmed opt in' or 'verified opt in'. That original terminology was specifically chosen because without it, there's no way to know if the email address typed into that online form was someone legitimately signing up or not. Especially when email bombing was much more popular 15 years ago. Sadly, many folks only know the 'double' term these days. 'Double' is more commonly used today since email marketing firms do most of the talking about it. For instance, "confirmed opt in" has 92k results in Google while "double opt in" has 438k. It's much the same as the way the gambling industry rebranded themselves as the 'gaming' industry. Although in the case of 'double opt in' it's been more successful.

They haven't "gone bananas". Removing double opt-in means more subscribers, which means higher revenue for them. Their revenue is based on subscriber counts, no matter how they were obtained.

I hope everyone else does what I do: any bulk emails I did not subscribe to get marked as spam in gmail. Even a company the size of mailchimp can't cycle and "warm" email servers fast enough if a critical mass of people are tagging unsolicited emails.

It doesn't matter if they believe that it's higher revenue, GDPR requires consent from the data subject [1] to process personal data. An email address is personal data under GDPR. You can't guarantee consent with single opt-in.

[1] https://gdpr-info.eu/art-7-gdpr/

Even without GDPR single opt-in is already insufficient in e.g. Germany. If you send a newsletter to some lawyer and can't prove consent you might just get a C&D with statutory damages back.

Does this fall under MailChimp's responsibility or the company using their services?

The short answer is both.

There's a somewhat longer answer about how MailChimp would need to make the company agree to a separate contract around liability issues, as per GDPR requirements.

Yup, the "Spam" button is a true signal. A company I worked for had problems with the number of times people hit 'spam' on the emails (not even a newsletter, but transactional emails), and AWS SimpleEmailService put us on probation. I got to write a worker task that would consume the queue of "someone marked you as spam" from SES and remove them from our email list.

Forgive the naivety, can you explain a little? From what I understand from this:

You sent emails from AWS to subscribers.

Some recipients hit the spam button in Gmail.

You received a message for every email that had been flagged as spam, including the recipient details.

Is that correct? What exactly happens when I hit the spam button in Gmail?

Yes that’s correct. Email senders are informed when you mark email as spam so they can add you to an unsubscribe list automatically.

This is very odd. I thought the "mark as spam" button was entirely within Gmail. I had no idea it sent a message to the email sender. Is this standard? It seems counter productive, since it confirms the spam was received. I want it to fail silently and disappear forever.

What should I be doing, to achieve silent spam disposal within Gmail?

I hope I don't have to set filters myself, that would defeat the entire purpose of a smart system that learns to recognise spam.

Edit: we're talking about "mark as spam", not "unsubscribe", right?


Sounds like an easy way to verify active email addresses.

It is! But it's better just to check the SES queue for "email was delivered".

Yeah the SMTP protocol handles verification of mailbox existence already.

Gmail parses the email for an unsubscribe link and asks if you want to unsubscribe. If you say yes, it follows the link for you.

See this: https://lifehacker.com/5319723/gmail-offers-to-automatically...

Yes, although I'm asking about marking spam, not unsubscribing.

That's when Gmail prompts you...when you initially mark it as spam.

The next time you get such an e-mail, look through the headers (available via "Show Original" in Gmail, IIRC) for a "List-Unsubscribe:" header.

This value will usually be an HTTP URL (it can also be a "mailto:"). That (unique) URL (which is tied to your e-mail address) is then followed in order to unsubscribe you from the list.
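The header lookup described in the comment above can be done programmatically. The following is an added example, not part of the original thread: it parses a constructed message with Python's standard `email` package and lists the `List-Unsubscribe` targets by scheme. The function name, the sample message and every address and URL in it are made up for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Constructed sample message. The List-Unsubscribe value is folded across two
# lines, as long headers usually are, and offers both a mailto: and an https: target.
SAMPLE = (
    "From: Example News <news@lists.example.com>\n"
    "To: reader@example.org\n"
    "Subject: October issue\n"
    "List-Unsubscribe: <mailto:unsub-7f3a@lists.example.com?subject=unsubscribe>,\n"
    " <https://lists.example.com/u/7f3a91c2>\n"
    "\n"
    "Newsletter body.\n"
)


def unsubscribe_targets(raw_message: str):
    """Return the unsubscribe targets a message advertises, in header order.

    Each entry is a dict with:
      scheme - "mailto", "http" or "https"
      target - the mailbox for mailto:, the host name for http(s)
      uri    - the full URI as given in the header
    Entries with any other scheme are skipped.
    """
    msg = message_from_string(raw_message, policy=default)
    targets = []
    # get_all() copes with a header that is repeated; the default policy has
    # already unfolded continuation lines by the time we see the value.
    for value in msg.get_all("List-Unsubscribe", []):
        # Each URI is wrapped in angle brackets; several are comma-separated.
        for bracketed in re.findall(r"<([^>]+)>", str(value)):
            uri = "".join(bracketed.split())  # drop whitespace left by folding
            parts = urlsplit(uri)
            scheme = parts.scheme.lower()
            if scheme == "mailto":
                targets.append({"scheme": scheme, "target": parts.path, "uri": uri})
            elif scheme in ("http", "https") and parts.hostname:
                targets.append({"scheme": scheme, "target": parts.hostname, "uri": uri})
    return targets


if __name__ == "__main__":
    for entry in unsubscribe_targets(SAMPLE):
        print(f'{entry["scheme"]:7} {entry["target"]}')
```
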

Apologies, I'm a little confused. How would a transactional email put somebody into a mailing list so that they could be removed? Shouldn't they not be in the list in the first place?

The transactional email wasn't adding someone to a newsletter. But you can mark 'spam' on any email at all, and some people felt that our anniversary-of-them-signing-up emails or "you've had a problem being billed" emails were spam, so they hit the button. idk man! People are crazy.

We also had marketing emails through mailchimp, but they were totally separate systems.

Ah. I'd have marked the former as spam too (it's an advertisement reminding the recipient you exist, not something in response to a transaction just committed / something they did), but the latter seems plenty safe.

But then, I have no idea how you'd correlate the transactional mail to the marketing mails anyway (I'd use separate addresses for that). If somebody added my address to a list I didn't sign up for, any mail from them would just be a reminder they did so... It wouldn't be hard to imagine somebody marking everything in the future as spam automatically after glancing at the sender name.

As someone who gets a lot of newsletters from idiots who still think they own the GMail address I've had for 13 years, I'm always afraid marking things as Spam will hurt my experience more than the spammers -- eg, I'm worried it'll lower my account's spam threshold and cause more false positives in my spam folder (which i never, ever check.. and on the rare occasion I do, I occasionally notice I've been 'missing' a newsletter I should have been getting for years).

Any comments as to how this works? I've happily used the spam button on many occasions, but I'm always a little gunshy.

Are there actually any newsletters that you genuinely _want_ to receive?

Personally I’d be really pleased if I could tell Gmail to simply ignore anything even remotely newsletter-related, as I would never voluntarily subscribe to one.

Yes. Just searching "mailchimp" alone in my gmail inbox, I see stuff from a couple of local wineries of which I'm a member, another winery which I used to buy a gift subscription for my mom, a distillery, a couple of local running groups I sometimes participate in, ... the list goes on.

In the short term, probably more revenue. But once they race to the bottom of deliverability rates (like SES, for example), MailChimp will forever have lost its major defining feature: emails that actually make it to the inbox.

I suspect they would use different IP addresses for deliverability depending on a single or double opt-in subscription in order to manage that risk. That would be the sensible thing to do at least.

That might work against the primitive RBLs like SpamHaus, that rely on DNS-style blacklisting.

In the world of carrier-grade email providers, they outsource spam scoring to one (or more) of a selection of about 3 vendors (Symantec, CloudMark come to mind). These systems also score against the sending domain, among a number of other factors. Source: my best friend is a lead engineer at a carrier-grade email provider.

And playing whack-a-mole with changing sending domains is ill advised as that will lose the benefit of any whitelisting occurring client side.

What exactly is a carrier-grade email provider?

ISPs/free email at scale (Gmail, etc). Think billions of messages per day. Or where the majority of any audience of an email list receives their email.

I'm curious to see how many of their German customers don't realize they have to explicitly set this now. Here, your competitors can sue/"fine" you for having single opt-in only.

By observing the behavior of Google’s spam filters (what lands in the spam folder and what doesn’t) you can clearly see that Google is not doing an effective job at applying generally to all users what it learns is deemed spam by some other users. Otherwise it wouldn’t flag its own Google News Alerts emails for example and many other legitimate emails as spam. So your efforts might not be having as great an effect as you think. But it should affect your own mailboxes at least, and maybe that’s enough.

Agreed and worth noting that companies could always elect to use single opt-in with MailChimp lists by running sign up forms via the API.

For my fellow mail server administrators:




Those are the ranges you'll want to add to your blacklists.

Blacklisting would be pretty irresponsible, greylisting maybe.

On my servers, they are already greylisted (almost everyone is, by default). Greylisting works very well against most spammers, hijacked PCs, etc. (I use "spamd" [0] from OpenBSD, which also makes blacklisting very easy, FWIW).

In MailChimp's case, the only thing that greylisting would accomplish is delaying the amount of time I wait to get their spam^We-mails.

[0]: https://man.openbsd.org/spamd.8

Wrong terminology, my bad. I meant adding a rule for MailChimp origin emails that increases spam score but doesn't necessarily doom the message alone. Dropping their mail altogether would definitely cause some legitimate messages to be lost.

Not a flippant response:

Curious why this isn't the default mode of operation:

  - Business sends spam
  - Gmail users mark spam as spam
  - Gmail starts putting all emails from business as spam for all Gmail users
  - Business fails
  - New businesses don't send spam

I can't imagine Gmail being in bed with spammers since Gmail gets paid when spammers pay Gmail to put spam on top of all your emails, not when spam is in your emails.

New domains are cheap.

You don't spam from mybiz.com

You spam from mybizmail.com, mybizmarketing.com, mybizoffers.com, etc.

Is that really the problem though? Most of the junk that makes it into my mailbox is from real businesses that probably stand to go bankrupt if they had to change their domain name. But they all have to spam because that's what the market does now to win.

Facebook notifications come from facebookmail.com, CarMax spams from email-carmax.com. AT&T uses att-mail.com. And so on.

They don't all do it, but many do.

And if they burn their main domain, it's an easy option.

There's another thing going on here.

Over the last 24 hours I've reported a half dozen accounts that have flooded our domains with fake statements and links to Mailchimp hosted .js malware downloads.

This has never been a problem before but right now it's out of control. No one signed up for, what I'm assuming is, hacked newsletters on hacked mailchimp accounts, and suddenly anyone on any address list is now on the receiving end of this garbage.

This only affects signup forms hosted by MailChimp. If you build your own form and use their API for signups, there has never been a requirement for double opt-in.

So I don't know if this is such a dramatic change -- depends on how many people use the default forms instead of an integrated signup experience.

Yeah, don't understand some of the responses which seem to assume this change will make MailChimp any more spammer-friendly. If you want to spam with MailChimp (or for that matter most other list providers) you import the long list of people you want to spam in csv form and disregard warnings about only importing emails from people if they've previously expressed interest in receiving notifications from you. Double opt in for new signups makes no difference.

MailChimp's ability to be regarded as a non-spammy mailing list provider depends mainly on them weeding out customers who import lists of people who haven't expressed any interest to indiscriminately blast mailshots, not on requiring an additional step after an individual actually visits a website, types in an email and clicks a button sending a post request to the mailing list.

The concern here is revenge-spam: someone takes your email and submits it to every mailchimp default form they can find automatically, and then your inbox is flooded with ostensibly legitimate email that you have to manually unsubscribe from, for each individual list.

I understand the concern on an individual level as expressed in the article, but doubt "revenge spam" even moves the needle with mail providers' decisions on whether MailChimp mails get through or not, which is the primary concern of people worrying about its deliverability.

Time to shitcan mailchimp in my mail server I guess

Honest question here, does anyone actually want to receive newsletters?

I don't think I've ever set foot in the 'Promotions' tab in my Gmail account, other than to delete everything in it.

Yep. I receive newsletters from several merchants whose stuff I regularly buy. I like getting coupons and information about new products. This is stuff like coffee and chocolate, mostly foodstuffs that I consume regularly.

I delete most of them after reading, act on maybe 1 in 4.

I'd be very surprised if my behavior here was atypical for consumer behavior.

Some of my favourite "blogs" are only available in the form of e-mail newsletters. patio11's post-BingoCardCreator blog, for example, only existed as a newsletter (with non-indexed webpage alternates) for the longest time—though I see that there's now an index (http://www.kalzumeus.com/archive/), complete with RSS meta-tag.

In other cases, newsletters can serve as a sort of low-volume link aggregator. I'm subscribed to the http://elixirdose.com newsletter and end up with a few Elixir-related articles to read each month.

In other cases, it's just fun to follow regular company newsletters, because those companies are essentially soap operas in progress. The http://zenmagnets.com newsletter is 90% about their ongoing legal battle against the Consumer Product Safety Commission.

And, every once in a while, I appreciate getting informed that a product/service I've built something on top of—but which I'm not actively building on right now (i.e. I pay them money every month, but I never go to their website)—has new features, which might inspire me to build something else on them. I like getting announcement emails from {AWS, DigitalOcean, Twilio, etc.} for this reason.

My blog and newsletter are ~separate, FWIW. As far as I am aware I do not have an RSS or single page listing the newsletter archive.

The ones who sign up for them do.

I read Javascript/Node/goweekly.com newsletters in their email format. The Phaser.io newsletter is another. I think you're more the outlier than the norm.

I get newsletters for a few music labels to see their new releases. I also get announcements for local music shows.

What reliable service should one use then? MailChimp is still pretty much the go-to option for me

SendGrid for transactional email, https://myemma.com/ for newsletters (although I don't think Emma do double-opt-in by default).

We've seen problems from time to time with sendgrid and mailgun IPs getting blacklisted. Moved to Postmark, who are super-strict about transactional email only, and we've not had trouble since.

I've been recommending Postmark for transactional email and one of the others for newsletters.

Sailthru has been great.

Sendgrid is solid.

I tried using it once. It did not seem solid. It didn’t support 2FA, and required my actual account username and password to send email from the server.

2FA has been supported for years at this point at SendGrid.

Edit: and API Keys are the recommended way to interact with SendGrid APIs

How hard can it be to send an email? Why pay $$$ for it?

For deliverability, which is pretty good on Mailchimp.

However I think that sending emails out using the Gmail API or Amazon SES might be the way to go. Also depends on what you are doing, I think that those that over analyse the mail openings are getting it wrong, focusing on the wrong metrics. You should be focused on the sales metrics not be navel gazing in newsletter software. Content is king, get that right and again, focus on that, not the analytics.

>How hard can it be to send an email?

Are you serious? Sending an email is really easy. Actually having the remote deliver it to the remote mailbox is the problem.

We use Mailchimp for B2B newsletters and have several thousand subscribers in our lists. This is the first time I hear anything about this. No mails whatsoever although I am a German user.


So, MailChimp will make more money, as users get more unwanted emails, and clients have to pay for it.


You can actually get your entire domain blacklisted on Mailchimp if you want. Absolutely nothing will be sent to any email on the domain.


Click “legal & privacy questions”, then “access our contact form”

I wish MailChimp (and others) would stick with double opt-in.

However, if we've lost that battle, it would be nice if they gave a user the option to require double opt-in on their email before being added to a new MailChimp list.

Come on, this should be really easy to fix. If MailChimp is really sending you so many emails that you are upset with their service, you should be able to make your own MailChimp account and tell them that your email address requires double opt in. Or you can make a rule for their MX to end up in a special folder. Or they can detect a well above average number of lists for a single email address and trigger double opt-in for that address. This is a problem for a vast minority of users.

I wish there was a non-consensual way to force businesses to continue needed products and services. The narrative lately (especially here on HN) has been seemingly nothing but firms watering down --if not sunsetting-- valued products and services for their own seemingly selfish ends.

"Business isn't charity" -- maybe it should be. At the least we'd get more service-oriented folks in charge, instead of the current crop of profiteering assholes that infest these lands.

From a German perspective, that was a pretty close call.

As the article states, in places like Germany, double opt-in (or an equivalent) is mandated by the application of German (or even EU?) law.

If they had really gone through, they would have put their German users into a legally vulnerable position.

The rudeness of meddling with customers' settings notwithstanding, this kind of lapse is inexcusable from a company specialising in mailing list delivery.

I recently set up a mail server with DKIM, SPF, DMARC configured correctly. After spending a day fighting with major email services to not mark my emails as spam, I really saw the value of email service providers. But the damn prices...

Are there any alternatives to traditional email that could potentially replace it in the near future?

If you are starting a new bulk mail service, you have to be very careful about the IP address. It can't be from a known suspicious IP range (e.g. any part of Amazon EC2). It can't be an IP that already has a bad reputation from a previous service running on it. It can't be an IP that is currently running a bunch of other services and sites.

Even then, you have to "warm up" the IP by slowly increasing the send volume from it, over about a month, while maintaining low spam scores.

It's a pain in the ass, which is why email service provider is a business model.

There are alternatives to email, like targeting and boosting social media posts. But generally speaking, they are all more expensive than email, even taking into account service provider fees.

I find that odd as after I set up my email server I haven't had any issues. I'm not trying to discredit your experience, but I just never had that issue myself. Is it possible that you've got an IP that was previously used for spam?

I believe this benefits MailChimp's business model. They charge based on how many subscribers are in your lists, so a single opt-in increases how many people sign up and therefore how many people they charge for.

I'll be leaving MailChimp because the cost outstrips the value as our list has grown.

Would be nice to have some sort of do-not-call list equivalent for email mailing lists, or at least something that forces double-opt-in on the receiving end. Too bad we're not MailChimp's customers so they could care less really.

Couldn’t care less?

Oh ok. Thanks.

Not a user but does single opt-in "by default" imply there is a setting to flip it back to double opt-in? If so, flip the switch

Correct - they state you can still use double opt-in if you want to.

Lots of competitors only use single opt-in & have more favorable policies for list owners. I'm not sure they have a choice.

I imagine it can't be the most profitable market to write spams in Cantonese.

[subtitle: it's like sending spam in Glaswegian]

I had no idea MailChimp ever used any sort of opt-in. More than half the MailChimp-delivered email I get is spam.

They are just changing the setting, and creating a new default. Not sure why a user of MailChimp would feel the need to switch, or complain they "only" have 7 days to switch the setting to what they want. That's not an unreasonable burden.

This is explained near the end of the article:

Changing the settings for my own mailing list (which of course, I did) isn't actually a solution. Sure, it stops toerags using my newsletter as an email bomb but it doesn't stop many more MailChimp-run mailing lists switching to a system that will increase the amount of unwanted emails flying around the internet.

As a marketer, one of the issues I run into is to subscribe someone, who filled a contact form on my website, to an email automation series (usually to nudge them towards taking an extra action while we scramble to get back to them). Problem is, once the user filled up the contact form to make an enquiry, he is unlikely to go to his/her inbox to confirm... a subscription link.

I do think double opt-in is the way forward (as outlined in the article), but having that single opt-in option for some special cases is necessary from a business point-of-view.

Overall, pretty good compromise by Mailchimp.

> Problem is, once the user filled up the contact form to make an enquiry, he is unlikely to go to his/her inbox to confirm... a subscription link.

Or, worded another way: the user really doesn't give a damn about your subscription.

If they can't be bothered enough to take a few seconds to open one e-mail message and click on a single link, then whatever you're offering obviously isn't something that they actually want.

As a non-marketer, it seems to me that marketers would want something like double opt-in -- just so that you can ensure that those on your list are people actually interested in $product. Or is it more about the quantity of users on your list and not the quality of those users?

My (somewhat glib) opinion:

Marketers want quantity; salespeople want quality.

It's because that's what each one is paid for -- and so companies end up paying too much for marketers to undercut their sales teams' effectiveness because they misaligned the incentives, pay for marketing they don't need (or even harms them!), and then sit there wondering why it's not translating into sales (or worse, saturates salespeople with duds and costs sales).

I used to work in marketing and my (slightly exaggerated) opinion is you should fire everyone on your marketing team, hire more salespeople, a social media person, and maybe a single dedicated person to track overall sales performance.

But what's the point of marketing? You should be selling from that first contact -- and if you have two teams doing the same job with differing incentive structures, no wonder your organization is inefficient and pulling at different goals.

As a non-marketer, you presumably have not had the experience of customers being mad at you because they thought they signed up for something but never got it.

Email marketing has got to be one of the top "HN readers are not like most people" subjects that get discussed here. Most people do not go through life in a defensive crouch about their email inbox. They sign up for things on a whim and then unsubscribe if they don't like it.

Double opt-in works well for some audiences but definitely not for all. And BTW it's been possible to operate Mailchimp as single opt-in via API calls for a while now.

> customers being mad at you because they thought they signed up for something but never got it.

Yea, the customers never got it because 10 other people on your domain reported it as spam and the whole thing gets black flagged on the server and dropped at the SMTP connector.

This entire thread says one thing.

"Marketing emails are dead, Mailchimp is trying to boost their numbers so they can sell before everyone else realizes it"

This doesn't really affect the scenario you mentioned.

Previously users entered their email just once, and had to confirm newsletter subscription via email. They didn't need to fill in a second form or anything, just confirm they wanted to sign up by clicking a link on an email they get.

I don't really understand the use case. Can you clarify?
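The confirmation step described in the comment above, sketched as an added example that is not part of the thread and not MailChimp's code: the signup form only produces a signed, expiring token for the link mailed to the address, and the address joins the list only when that link is followed. The key, the 7-day lifetime, and all function and class names are assumptions for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # placeholder key, constructed for this example
TOKEN_TTL = 7 * 24 * 3600          # assumed lifetime of a confirmation link, in seconds


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def make_token(email: str, list_id: str, now: float) -> str:
    """Token carried in the confirmation link that is mailed to `email`."""
    payload = json.dumps({"e": email.lower(), "l": list_id, "t": int(now)}).encode()
    return base64.urlsafe_b64encode(payload + _sign(payload)).decode()


def verify_token(token: str, now: float):
    """Return (email, list_id) for an authentic, unexpired token, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:              # binascii.Error is a ValueError subclass
        return None
    payload, mac = raw[:-32], raw[-32:]
    if len(raw) <= 32 or not hmac.compare_digest(mac, _sign(payload)):
        return None                 # forged or corrupted link
    data = json.loads(payload)      # parsed only after the MAC has been checked
    if now - data["t"] > TOKEN_TTL:
        return None                 # stale link
    return data["e"], data["l"]


class MailingList:
    def __init__(self, list_id: str):
        self.list_id, self.confirmed = list_id, set()

    def signup(self, email: str, now: float) -> str:
        # Nothing is stored: a form post by a third party (typo, email-bomb
        # script) costs the address one confirmation mail and nothing more.
        return make_token(email, self.list_id, now)

    def confirm(self, token: str, now: float) -> bool:
        result = verify_token(token, now)
        if result is None or result[1] != self.list_id:
            return False            # token invalid or issued for another list
        self.confirmed.add(result[0])
        return True
```

Because the token is self-contained, no pending-subscription table is needed, and a token issued for one list cannot be replayed against another.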
