I am actually considering not sending a confirmation email. Every maillist message already includes an immediate unsubscribe list, and I thought perhaps to add a small note at the bottom of subscriber's first email, something like
You are receiving this email because someone (presumably you)
subscribed $(email) to the $(maillist-name). Subscription
request was received from a network address of $(ip) on $(date).
If you did not request this subscription, or would like to be
removed from the maillist for another reason, visit this link
to unsubscribe - $(link).
A bit of a mouthful, but essentially this simply piggy-backs the confirmation request on an actual mailing list message. Thoughts?
If you skip second step - there is a risk that email ends up in spam folder and is constantly delivered there.
Another risk - user did not really request your subscription. That would often result in your emails being marked as spam.
Yeah, I guess the biggest issue is someone plugging in firstname.lastname@example.org just to test the subscription form, and then actual John getting a maillist message and tagging it as a spam. The question here is if the same John would or would not tag a plain confirmation message as spam too, and I suspect that he would, in which case what I wrote above is no worse than a double-opt-in in edge cases.