Double Opt-In Allow List

Who is protected by the Double Opt-in Allow List? Shops on all Postscript plans are protected by this feature. Learn more about Postscript Plans.

Postscript has taken a product-led approach to protecting the integrity of our merchants' subscriber lists. We’ve added updates to our platform to help keep merchants safe from spamming attacks and their lists devoid of bots and/or fake subscriber numbers.

In addition to requiring double opt-in for our merchants, Postscript has also implemented a Double Opt-In Allow List that sets specific country guardrails for double opt-in messages. If a subscriber outside of the defined list requests to opt in, they won't receive the confirmation opt-in message from your brand (e.g. "Reply Y to subscribe"). By removing that next required step in signing up for text messages, Postscript prevents unwanted spam and fake subscribers.

This article discusses what spamming attacks may look like, how our Double Opt-In Allow List feature defends merchants, and what to do if you need to add additional countries to your allow list.

Identifying Spam Attacks

When a merchant is being spammed by a cyber attacker, they may experience double opt-in messages being sent at unusually high volumes - especially in relation to opt-in messages.

double opt-in message (sometimes called confirmed opt-in) refers to the first message subscribers receive after opting into your SMS program. This message reads:

Shop Name: Reply Y to subscribe to recurring automated promotional msgs (e.g. cart reminders). Msg & data rates may apply.

An opt-in message refers to the message a subscriber receives after they reply Y to the double opt-in message. This message reads:

You've subscribed to Shop Name. Msg & data rates may apply. Msgs are recurring. Reply STOP to unsubscribe, HELP for help

You can see the send volume for each of these messages in your analytics tab. Without a Double Opt-In Allow List, if an attacker had targeted a merchant, there would have been a large delta between the volume of double opt-in messages and the volume of opt-in messages within a short timeframe (less than 24 hours).

Understanding Postscript's Solution

In addition to requiring double opt-in for merchants, Postscript has also implemented a Double Opt-in Allow List. Subscribers based in countries that are not on the Double Opt-In Allow List cannot receive a double opt-in message from your brand.

By default, Postscript’s Double Opt-In Allow List includes 26 countries from which subscribers can receive a double opt-in message. Those countries are determined by subscriber phone number and include:

Australia, Austria, Belgium, Brazil, Canada, France, Germany, Guersnsey/Jersey, Ireland, Isle of Man, Italy, Japan, Korea, Malta, Mexico, Netherlands, Portugal, Puerto Rico, South Africa, Spain, Sweden, Switzerland, the United Kingdom, the United States, and the Virgin Islands.

If you'd like to add a country to your shop's Double Opt-In Allow List, please reach out to your Customer Success Manager or contact our support team.

Additional Resources

Get Support

Have questions? Please feel free to reach out to our wonderful Support team at or via live chat. You can also submit a support request here!

Need ongoing channel strategy guidance? Please fill out this form and we'll connect you to one of our certified partners.

Was this article helpful?
0 out of 0 found this helpful