I’ve looked into this a bit- I believe it’s related to the checkout page loading with a default of “Agrees to Marketing”.

What happens- at scale and I have to believe deliberately- is the “checkout created” event with that flag set to true is considered as “opted-in” by the marketing automation platforms everyone uses, like Klayvio.

Even if you immediately un-check it, un-checking doesn’t trigger an unsubscribe event, since you never submitted the form in the first place.

And because your Shopify session is now shared across stores, your email address gets opted-into marketing just visiting a checkout page.

It's up to the store owner to actually default to "agrees to marketing". I'm not sure if Shopify is to blame when it's the owner that used an illegitimate opt-out for that setting instead of an opt-in.

And of course, follow-up mails for abandoned carts are an optional setting too.

The default for “Agrees to marketing” controls if the box defaults to checked on checkout, so I do think if the store disabled that you wouldn’t be subscribed.

My theory is it started by accident- if you get a notification that says, “this checkout, this email, agrees to marketing: true”, it sure reads like an opt-in, and it used to be reliable. But it’s not anymore, because your email is already attached to the checkout when its created.

“Agrees to Marketing” pre-dates the global Shop session by years, it’s plausibly an ecosystem bug; one with no real motivation to solve until customers start talking (more)

Now is a good time to mention SimpleLogin. So... yeah. SimpleLogin.

Shit, that's devious. Thanks for mentioning that.