MailPoet Team: Anyone entering their own email address would be implied consent as their email and every single email has an unsubscribe link, all 100% GDPR compliant. Similar to typing your name in a consent form in-lieu of a signature.

Anyone entering someone else's email address would be no different to sending them an unsolicited email directly and it would be the sender in breach of GDPR, not the website, server or company delivering the message.

Again, the enforcement of clear working unsubscribe links on all emails is the fastest and simplest remedy for any user receiving unwanted emails.

An email address along is not personal information without a person's name, so there is no personal information stored without that supplemented, which is doubtful when most forms don't have name fields.

All professional websites have captcha or honeypot protection on forms to prevent robotic submission.

I don't see this as a GDPR problem, in rare circumstances that someone decides to subscribe another person for whatever humorous reasons, they could as easily just send an email form an anonymous account anyway so there is no protection since the opt-in email would always be sent regardless of passive or active opt-in policy.

Again, the unsubscribe link is the important part, and that active opt-out is a clear communications on the user wishes with regard to GDPR and should and would be honoured.

Perhaps if that person then re-subscribed then the Unsubscribe action should also count the number of times that an email has been unsubscribed to monitor for any form abuse signals that would suggest the form needs better captcha protection or IP logging to block rogue offending IPs.

The key to this is enforcement of working Unsubscribe links because that working would be less effort and more fruitful for anyone than the more time-consuming route of a GDPR complain that would have to include evidence that the user had already asked for their data to be provided and removed from systems, which the Unsubscribe link would do.

Marcus Quinn: Thanks for taking the time to expand.

Note that you can disable double opt-in if you send with your host or third party. So it it possible to do and we do understand the significant loss of subscribers due to double opt-in.

Now, as for as sending with MailPoet, under GDPR, one needs consent and this is where your proposition sits in a grey area. It really depends of the sender's intent in the first place.

For example, you can import in MailPoet with no proof of consent right now. :)

But since there are plenty of rogue users on MailPoet everyday, it would be extremely tricky for us to disable signup confirmation. Spam complaints hurt considerably our IPs reputation, not to mention honey pots that are disguised.

MailPoet Team: Thanks, I understand your position completely. Perhaps still something to consider for trusted subscribers where you can review their website and practices. We will look into an SMTP hybrid solution too.

Marcus Quinn: Can I add that GDPR is only a failed EU over bearing ridiculous law. Does Mail Poet care about its customers in the vast majority of the world? Sure make it an option BUT to make this MANDATORY for all Mail Poet customers is as socialist as the EU! Time for some common sense and time to start listening to your customers Mail Poet!

MailPoet Team: It would be nice though to select what sending service to use depending on the list opt-in though. I have leadmagnets that send awhitepaper or link to an pdf after sign up. I have user complaining that they need to do the double optin first, they don't get it why they need to confir before receiving the mail with the lead magnet. Also because I dannot differentiate in the welcome mail depending on the list they sign up for