Do HTTP tracking links affect email deliverability?

Key findings

• Security concern: HTTP links lack encryption, making them vulnerable to tampering or sniffing, which is a security concern for users and internet service providers (ISPs).
• Spam filter flags: Some sophisticated spam filters may flag emails containing HTTP tracking links, especially if the redirect chain includes an insecure hop.
• User trust: Users are increasingly wary of insecure links, leading to decreased click-through rates and potential abandonment due to browser security warnings.
• Brand perception: Using non-secure tracking links can negatively impact a brand's perceived professionalism and trustworthiness.
• Redirect chain complexity: The redirect from HTTP to HTTPS adds a step that can be scrutinized by email clients and security software.

Key considerations

• Prioritize HTTPS: Always strive for HTTPS tracking links to ensure encrypted communication and signal trustworthiness. Consider how HTTPS/SSL for email links and images generally impacts deliverability.
• Custom domains: Use custom branded tracking domains to maintain consistent branding and avoid generic, potentially suspicious, email service provider (ESP) tracking URLs.
• SSL certificates: Ensure your ESP or tracking solution correctly implements and maintains SSL certificates for your tracking domains.
• Domain alignment: Verify that tracking domains align with your sending domain to prevent reputation issues. This includes understanding how tracking URL subdomain alignment impacts deliverability.
• Monitor engagement: Closely monitor email engagement rates and inbox placement, as a drop could indicate link-related issues. For more insights, refer to general advice on whether links hurt email deliverability.

Key opinions

• Dodgy behavior: Many marketers view ESPs defaulting to HTTP tracking links as unprofessional or "dodgy behavior."
• Security perception: There's a strong belief that HTTP links erode user trust due to perceived phishing risks, especially with generic domains. This relates to the impact of engagement on deliverability.
• Push for HTTPS: Marketers strongly advocate for ESPs to offer custom, branded HTTPS tracking links as a standard feature.
• Cost implication: Some ESPs charge extra for implementing SSL certificates for custom tracking domains, creating a barrier to secure links.
• Blacklist risk: Concerns exist that insecure or poorly managed tracking links could lead to being added to a blocklist or blacklist. Understanding the pros and cons of vanity URLs can be helpful here.

Key considerations

• Demand HTTPS: Insist on HTTPS for all tracking links from your email service provider.
• Custom branding: Prioritize using custom branded tracking domains for consistency and user trust.
• Negotiate with ESPs: Be prepared to negotiate with your ESP regarding the cost and effort involved in setting up secure, custom tracking.
• User experience: Consider the end-user experience, as browser warnings or generic links can deter clicks and conversions.
• Stay updated: Recognize that industry standards are shifting towards greater security, making HTTPS crucial for long-term deliverability. For more on best practices, consider how to track links without affecting deliverability.

Key opinions

• HTTPS preferred: Experts universally recommend HTTPS over HTTP for all links, including tracking, to ensure data integrity and build trust. This aligns with general best practices for technical solutions for deliverability.
• Domain reputation paramount: The reputation of the tracking domain itself is often more important than the protocol, though HTTPS contributes positively to that reputation. For more on this, see our guide on understanding your email domain reputation.
• User security signals: Mailbox providers interpret the use of HTTPS as a positive signal for sender trustworthiness and user safety.
• Filter scrutiny: Insecure links, or those with unusual redirects, can trigger increased scrutiny from spam filters, potentially leading to deferrals or spam folder placement.
• Cost vs. benefit: While implementing HTTPS for custom tracking domains might involve initial effort or cost, experts view it as a necessary investment for optimal deliverability, as detailed in discussions on when content impacts deliverability.

Key considerations

• Secure every hop: Ensure that every step in a redirect chain, from the initial tracking link to the final destination, is secured with HTTPS.
• Monitor domain health: Regularly check the reputation of your tracking domains using tools like Google Postmaster Tools.
• Educate your ESP: If your ESP does not offer HTTPS tracking by default, educate them on its importance for deliverability and security.
• Align subdomains: Use tracking subdomains that align with your primary sending domain for consistent sender identity.
• Long-term investment: View the transition to HTTPS tracking as a critical, long-term investment in your email program's deliverability and brand reputation. This is part of a broader approach to email authentication.

Key findings

• TLS/SSL as standard: Modern internet protocols and web standards strongly advocate for the use of TLS/SSL (HTTPS) for all data in transit to ensure encryption and integrity.
• Anti-phishing measures: Documentation on email security and anti-phishing often highlights inconsistent or unencrypted URLs as indicators of potential malicious activity.
• Domain reputation weighting: Technical guides on sender reputation often list domain trustworthiness, partly indicated by consistent use of HTTPS, as a key factor. This reinforces concepts like what RFC 5322 says versus what actually works.
• User agent warnings: Browser and email client documentation describe how security warnings are triggered for users when navigating from a secure context to an insecure one (HTTP) or encountering mixed content.
• Implicit trust signals: While not always explicit, the consistent use of HTTPS across all linked assets implicitly signals a secure and legitimate sender to receiving systems, contributing to a better email deliverability outcome.

Key considerations

• Adherence to web standards: Align email linking practices with general web security standards by utilizing HTTPS for all links.
• Secure redirect paths: Ensure that any redirects initiated by tracking links maintain an HTTPS connection throughout the chain.
• Certificate management: Proper management and timely renewal of SSL certificates for all custom domains are essential for uninterrupted security.
• Minimize security warnings: Configure links to avoid triggering browser or email client security warnings for end-users.
• Future-proofing: Embrace HTTPS as a foundational practice to stay ahead of evolving security requirements from mailbox providers and internet standards bodies. This includes understanding the impact of custom domains for image hosting as well.