I’d avoid using the term “double opt-in”. Generally, people refer to a closed-loop system as “confirmed opt-in”. Anti-spammers object to the term “double opt-in” because it implies that the person is “opting in” twice, when actually they’re only opting-in once (when they confirm their address).
As long as the existing addresses have been collected in this way, you’re probably OK, though you would also need to set things up so that you have the date/time/URL/IP address of signup etc., as required by the policy.
As I said in my original post, feel free to contact / email support if you have any specific questions about the policy. It’s always better to get stuff clarified ahead of time (rather than when we’re contacting you about a spam complaint). The message will probably end up getting passed on to Jeff or me anyway, but please try to submit it via the normal channels.