Double opt-in
A double opt-in is the process whereby a contact confirms their sign-up for marketing communication / membership. It basically makes signing up into a two-step process. First the contact signs up, maybe at the checkout, using their email address, causing the standard preferences to be set. An email is then sent, containing a link. The contact needs to actively click this link, causing the additional double opt-in consent to also be set. Only then should they be included in any email send-out, and it's up to the Engage admin to confirm this before including them.
Why double opt-in?
Using double opt-in increases the chances that only interested customers receive marketing information. It also protects your sender reputation, since now only real email addresses will be included in send-outs. A third reason is that some countries (like Germany) now require sign-ups to be done in this way.
Double opt-in in Engage
A few things are needed in Engage to make this work.
1) First a new consent must be added (a custom contact attribute of type "Consent") in the Configure Engage area. Ideally you'll give the consent a name mentioning double opt-in (which is not obligatory, it just makes it easier to keep track of). Call it doubleOptInConsent for the sake of this example.
2) Then you'll need an email template that contains a clickable link, as shown in the image below.
On the link you'll need this code that will set doubleOptInConsent and also redirect to the URL specified.
[[CreateSetAttributeLink(doubleOptInConsent, true, 'https://landingpage.com')]]
3) Finally you'll need two automations set up. One will use the "New contact registered" trigger that will send the email using the template you set up in step 2. The second will use the "Approved consent" trigger, filtering for the doubleOptInConsent consent. This automation is triggered when the link is clicked and the consent is set. Here is where you can send your "Welcome on board!" email.
The double opt-in flow
Here's an example of the flow in action.
A contact signs up at the checkout and indicates which communication they want to receive. Based on that, the standard preferences (acceptsEmail, acceptsSMS, acceptsPostal) are set when the contact is created Engage. But doubleOptInConsent is not set yet.
The contact's sign-up is picked up by your "New contact registered" automation, which sends an email to the contact's address, using the template you made above.
Once the link in the email is clicked doubleOptInConsent is set to "true" and the contact is redirected to the URL specified. A welcome email is sent.
Now when you as the Engage admin want to do an email send-out, you'll need to confirm that all contacts included have, as usual, acceptsEmail set to true but also that doubleOptInConsent is set to true.
Important
Remember, it's up to the Engage admin to always confirm that the double opt-in flag is correctly set before including a contact in a send-out.
Email scanners and GDPR
Some email systems scan incoming emails and automatically access any links to confirm they are not malicious. This can cause an opt-in link in an email to be automatically "clicked" before the receiver opens it, generating a false consent. Note that it is outside of Engage's area of responsibility to guarantee that unapproved consents are not created in this way. It is always up to you as the data controller for ensuring that GDPR requirements are met.
There are however many solutions to this problem. You can for example set up a landing page where there's a second button to click that gives the actual consent. Or use a captcha on that landing page to confirm the visitor is human. Or have a client-side redirect that adds some extra required parameter to the link when it's been clicked by the user.