The double opt-in, DOI for short, is a two-step process for confirming a consent. In the first step, a person enters their data and agrees, for example, to receive marketing or a newsletter. In the second step, they receive an email containing a confirmation link. Only clicking this link completes the process and makes the consent verifiable.
The purpose is twofold: on one hand, it checks whether the email address provided actually belongs to the person. On the other hand, it creates a documented record that the consent was given deliberately.
Single opt-in versus double opt-in
With single opt-in, entering the form is enough, and there is no email confirmation. That is convenient for the person but hard to prove and prone to wrong or third-party addresses. Double opt-in closes this gap by adding the second, verified step.
Example
A prospect requests a solar comparison through a landing page and ticks the marketing consent box. Seconds later, an email reaches them: "Please confirm your request." Clicking the link records the timestamp, the IP address, and the moment of confirmation. This yields solid proof that the later lead buyer is entitled to expect.
What a clean DOI record contains
For evidentiary strength, it is advisable to log at least the time of sign-up, the time of confirmation, the IP address, and the wording of the consent. This record ideally travels with the lead throughout the entire delivery, so that every recipient can see where the consent came from. For the legal basis, see Consent.
How Leadnodes does it
In Leadnodes, the DOI record can be carried as part of the lead. When a lead comes in via API, email, CSV, Zapier, or Make, the email address and phone number are checked and duplicates are detected. The confirmation status and the associated metadata stay attached to the lead and are handed over to the buyer during distribution. This keeps it transparent across the entire chain whether and when a consent was confirmed, GDPR-compliant and hosted in Germany.
FAQ
Is double opt-in legally required?
The process itself is not expressly required by law, but it has become an established, practical way to make a marketing consent provable. It makes proof considerably easier.
How long should the record be kept?
The record should be available for as long as the consent is used, plus a reasonable period beyond that. The specific duration depends on the individual case.
What happens if no one confirms the link?
Without confirmation, the consent remains unverified. Such contacts should not be treated as usable for marketing.
This article offers general orientation and does not replace legal advice. Would you like to see how Leadnodes carries the DOI record? Book a demo.