Do secure HTTPS links improve email deliverability?

Key findings

• ISP preference: Major email providers like Gmail and Outlook prioritize emails that contain HTTPS links, potentially improving the likelihood of messages landing in the inbox rather than the spam folder.
• Trust and security: HTTPS ensures encrypted communication, protecting user data and establishing trust. This enhanced security can indirectly boost deliverability by improving overall sender reputation and reducing the chances of phishing or malware flags. Having secure links is an integral part of broader email security best practices, including proper SSL/TLS for email links and images.
• Search engine alignment: Google openly states its preference for HTTPS content for search rankings. It's reasonable to infer a similar, though perhaps less direct, preference for secure links within email content, impacting how email clients that integrate with search engines might evaluate messages.
• Future readiness: Browsers like Chrome are moving towards forcibly upgrading all links to HTTPS, which means relying on HTTP links will eventually lead to broken experiences or security warnings for recipients, negatively impacting engagement and indirectly, deliverability. Businesses are also often setting HSTS policies that auto-upgrade links.
• Compliance: Using HTTPS helps comply with modern industry best practices and data privacy regulations, which increasingly emphasize secure data transmission.

Key considerations

• Minor signal: While beneficial, HTTPS links may currently be a minor signal for deliverability compared to other factors like sender reputation, email authentication (SPF, DKIM, DMARC), and content quality. However, its importance is growing.
• User experience: Non-secure links can trigger browser warnings or be flagged by security software, eroding recipient trust and discouraging clicks, which indirectly harms engagement and deliverability. Securing your email communications with SSL is paramount. Learn more about this from Wooxy.
• Tracking domains: Ensure that any tracking domains used by your Email Service Provider (ESP) also utilize HTTPS. If your tracking links are HTTP while your main website is HTTPS, it can cause inconsistencies and potential issues.
• Cost and transition: Historically, SSL certificates were costly and complex to implement. While services like Let's Encrypt have made them free and easier, transitioning existing infrastructure or managing old HTTP links can still be a challenge for some organizations or ESPs.

Key opinions

• Best practice: Many marketers view HTTPS for links as a fundamental best practice, similar to proper authentication, even if its direct deliverability impact is sometimes debated. It aligns with the increasing emphasis on security across the internet.
• User trust: Marketers prioritize building trust with their audience. Secure links provide a visual cue (the padlock icon or HTTPS prefix) that reassures recipients about the safety of clicking, which can lead to higher engagement rates and better sender reputation. Higher deliverability is also linked to the use of safe email links according to the Rebrandly blog.
• Minor deliverability signal: While some believe it's a minor signal, there's a strong belief that as more legitimate mailers adopt HTTPS, it will become a more significant factor in filtering decisions.
• Cost concerns with ESPs: A common frustration among marketers is that some ESPs still charge extra for SSL/TLS on tracking domains, despite the widespread availability of free certificates and the industry push towards encryption. This can contribute to the continued use of HTTP tracking links, which can impact deliverability.

Key considerations

• Mixed content risk: Marketers should avoid mixing HTTP and HTTPS links within the same email, as this can lead to security warnings or broken content, negatively impacting the user experience and potentially deliverability due to a poor perception of the email's legitimacy.
• Tracking domain alignment: It's crucial that all elements of an email, including tracking links and images, are served over HTTPS to present a consistent and secure experience. Non-HTTPS engagement tracking can hurt sender reputation.
• Transition complexities: For established campaigns, transitioning old HTTP links to HTTPS can be complex, requiring careful planning to avoid broken links or unintended consequences for reporting and analytics.
• Competitive advantage: Using secure links can offer a subtle competitive advantage by signaling to ISPs and recipients that a sender is modern, security-conscious, and committed to best practices.

Key opinions

• Gmail's preference: Experts note that Gmail has publicly stated a preference for HTTPS web content for search and it's logical to assume a similar positive treatment for links within email content, even if direct proof for email specifically is not widely disseminated. This is part of the overall move towards more secure protocols like DMARC, SPF, and DKIM.
• Minor signal, but growing: The current impact might be low, but it's an evolving signal. As more good senders adopt HTTPS, it will likely become a stronger differentiator for ISPs, making it a critical aspect of future deliverability. Many top-performing senders already use it.
• Good practice regardless of deliverability: Even without a significant, direct deliverability boost today, using secure links is simply a good security practice. It protects users from eavesdropping and content tampering, which is a fundamental aspect of online trust.
• Industry movement: Experts highlight that major browsers like Chrome are pushing for mandatory HTTPS, meaning unencrypted links will soon cause issues for recipients, indirectly forcing email senders to adapt or risk poor user experience.

Key considerations

• Technical overhead for ESPs: Implementing HTTPS for customer-specific hostnames and tracking domains can be technically challenging and resource-intensive for ESPs, especially older systems not built with automatic TLS in mind. However, this is becoming less of an excuse.
• Cash cow for some: Some ESPs may continue to charge for SSL certificates primarily because it represents a revenue stream, rather than due to insurmountable technical challenges, particularly with the advent of free certificate authorities.
• HSTS implications: Websites often implement HSTS (HTTP Strict Transport Security) policies that force all traffic, including subdomains, over HTTPS. If an ESP's click-tracking domain doesn't support HTTPS, it can lead to problems when a recipient's browser tries to enforce the HSTS policy for a link from an email. Securing your tracking domain with an SSL certificate is crucial.
• Google's internal consistency: Some experts point out that while Google pushes for HTTPS, they haven't always been perfectly consistent across all their own properties, which highlights the complexity of a full internet-wide transition.

Key findings

• Gmail best practices: Documentation from major email providers, such as Gmail's best practices, implicitly or explicitly recommends the use of HTTPS for links as part of broader sender quality signals, even if the direct impact on deliverability isn't quantified. They expect senders to follow comprehensive best practices for optimal delivery.
• Security and trust: Industry documentation consistently highlights that SSL/TLS certificates (which enable HTTPS) are fundamental for securing tracking domains and overall email communications. This security builds user trust, which is indirectly tied to deliverability. Ensuring that email is properly encrypted is a core deliverability pillar, as highlighted by Google's stance on email encryption.
• Compliance with standards: Adhering to modern web standards, which increasingly prioritize encryption, is seen as a sign of a legitimate and responsible sender. This compliance positively influences sender reputation. The benefits of implementing DMARC further underscore this.
• Prevention of tampering: HTTPS links prevent third parties from injecting malicious content or altering link destinations, which protects both the sender's brand and the recipient's security. This reduces the likelihood of being flagged as suspicious by security systems.

Key considerations

• Holistic approach: Documentation often presents secure links as one piece of a larger deliverability puzzle, emphasizing that it works in conjunction with other authentication measures and content quality to achieve optimal inbox placement.
• ISP-specific recommendations: While general advice exists, some documentation might provide ISP-specific nuances regarding how they evaluate links and their impact on deliverability.
• Evolving standards: The internet is continuously evolving towards greater security. Documentation reflects this ongoing shift, indicating that what might be a minor signal today could become a mandatory requirement tomorrow.