Double opt-in via PHP with Mailgun

Creating a custom signup form with Mailgun can be trivial. I receive tons of messages from people asking me to write a tutorial on how to do this in PHP so here it is. Before talking code, let’s briefly discuss best practices. If you know everything about double opt-in, skip the next paragraph and move on to the engineering part using our table of contents below.

What is double opt-in and as a developer, why do I care?

A double opt-in process is a way of verifying that when a person leaves their details in the newsletter sign-up form on your website, they actually did sign up for it. It achieves this by asking you to acknowledge and confirm that your email address has been added to a certain mailing list. How does it do that? Simply by sending you an email and asking you to confirm you really want to receive emails from that sender. If you don’t confirm your subscription (mostly by clicking on a confirmation link within a confirmation email), you should never receive a marketing (or similar) email from that sender.

Marketing people have learned to dislike this practice as it adds one extra step before reaching their audience, but it is important to understand that without this process anyone could be a target of unsolicited email spam.

Without double opt-in, anyone that knows your email address could sign you up to thousands of newsletters and marketing lists on your behalf without your consent.

In most countries, this is required by law but either way, I believe it is a best practice and protects your business from stumbling upon deliverability issues and email abuse complaints.

HTML and JavaScript Form

The first thing you will want to do is create a form that you will have somewhere on your website. This form will ask people for their details that you can save in a database or if supported, within the email platform itself. Mailgun supports the latter (and even more when using custom variable parameters), so you don’t have to worry about having to set up a database to hold this data.

The form will post to a file called contact.php and will have two fields that are mandatory. You can obviously make the name field non-mandatory or add more, but for the purpose of this article, we will keep it simple!

Using the below JavaScript code will ensure the tickbox has been checked before validation (on submit); otherwise, we will not pass the email onwards!

Feel free to add some style to the form. Right now it’s very basic, but functional.

PHP Functions

The interesting part begins here – a file containing all the functions needed to make the form work.

Here is a brief listing of all the functions created and an explanation of what they do:

  • SanitizeInputs(): This function is used to clean the user input of any “damaging” characters

  • SanitizeEmail(): Same as above, but it also performs a regex check on the email address. We don’t want to send emails to misspelled addresses now, do we?

  • SendConfirmationEmail(): Sends an email to a specified email address, in our case it is the email address specified by the user

  • MakeConfirmationHash(): Creates a unique hash based on a string concatenation of the user’s email address and a secret string. This hash will be sent as part of the URL the user needs to click to verify they want to receive emails from our site. Secure double opt-in awesomeness.

  • CheckConfirmationHash(): A function checking that when the user clicks on the confirmation link, the hash contained in the URL is valid. This is very important for the double opt-in procedure, otherwise, anyone could verify each other’s email address.

You can change the text of the email as you wish. Keep in mind that you will be passing the secret hash, the email address and the name of the user back to the script as GET parameters!

Dependency Alert: I’ve used the official Mailgun PHP library available on GitHub.

PHP Logic

For the logic section, I’ll explain the reasoning behind the code.

When the user enters his email address and name inside the box and submits the form, the following happens:

  1. The script generates a unique code and emails it to the user

  2. The user receives an email with a confirmation link, containing information about him and the unique code. Clicking on the email will confirm he is okay with his address being part of our mailing list.

  3. Clicking the URL sends back the details of the user, which are checked against the unique code, and triggers his addition to the mailing list on Mailgun.

And that’s it, double opt-in respected, a job well done!
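The three steps above, together with MakeConfirmationHash() and CheckConfirmationHash() from the function list, sketched as an added example (not the author's original code). It swaps the plain concatenation hash for HMAC-SHA256 with a constant-time comparison; the CONFIRM_SECRET variable, BuildConfirmationUrl(), HandleConfirmation() and the example.com URL are assumptions, and the Mailgun SDK calls are left out.

```php
<?php
declare(strict_types=1);

// Assumption: the secret comes from the environment, not from source control.
// The fallback is a constructed placeholder for this demo only.
$secret = getenv('CONFIRM_SECRET') ?: 'constructed-demo-secret-change-me';

// Keyed hash over the normalised address (HMAC instead of hash(email . secret)).
function MakeConfirmationHash(string $email, string $secret): string
{
    return hash_hmac('sha256', strtolower(trim($email)), $secret);
}

// Constant-time comparison: timing does not reveal how much of the hash matched.
function CheckConfirmationHash(string $email, string $hash, string $secret): bool
{
    return hash_equals(MakeConfirmationHash($email, $secret), $hash);
}

// Step 2: build the link; http_build_query() URL-encodes every value.
function BuildConfirmationUrl(string $base, string $email, string $name, string $secret): string
{
    return $base . '?' . http_build_query([
        'email' => $email,
        'name'  => $name,
        'hash'  => MakeConfirmationHash($email, $secret),
    ]);
}

// Step 3: validate the GET parameters before touching the mailing list.
function HandleConfirmation(array $get, string $secret): bool
{
    $email = filter_var($get['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $hash  = $get['hash'] ?? '';
    if ($email === false || !is_string($hash)) {
        return false; // malformed or array-valued parameters
    }
    // On true, the caller adds $email to the Mailgun list.
    return CheckConfirmationHash($email, $hash, $secret);
}

// Constructed sample run: a genuine link, then the same hash with another address.
$url = BuildConfirmationUrl('https://example.com/contact.php', 'Alice@Example.com', 'Alice', $secret);
parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
var_dump(HandleConfirmation($params, $secret));
$params['email'] = 'mallory@example.com';
var_dump(HandleConfirmation($params, $secret));
```

The name parameter is not covered by the hash, so treat it as untrusted input when it comes back on the confirmation request.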

Let me know if you’ve enjoyed this article by sharing your thoughts in the comment box below or on Twitter; and if you’d love to see this tutorial in a different programming language, please let me know.

Happy Sending!
