How many times can our company legally send an opt-in email confirmation?

If a user does not opt-in, then returns to our website at a future date and decides to subscribe again but does not confirm the opt-in. Can we legally resend the opt-in?

Another example: a malicious user manually enters an email into our system over and over. The owner of that email address would receive multiple unwanted / unsolisticed opt-in requests.

How do I deal with this type of situation?