What are the potential issues with removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping?

Summary

Removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping is a multifaceted issue with potential downsides. Some argue it might be acceptable to stop wrapping. However, the consensus is that it leads to several problems, including broken links in older clients, security vulnerabilities, reduced user trust, negative SEO impacts, inaccurate tracking, inconsistent rendering, URI standard violations, mixed content blocking, damaged sender reputation, and emails being flagged as spam. Prioritizing properly formatted HTML links and HTTPS is generally recommended.

Key findings

  • Compatibility Issues: Older email clients may not properly interpret links without HTTP/HTTPS, leading to broken links.
  • Security Risks: Removing HTTPS exposes users to man-in-the-middle attacks and compromises data encryption.
  • Trust Reduction: Links without HTTPS may appear suspicious, lowering user trust and click-through rates.
  • SEO Penalties: Link cloaking or using non-HTTPS links can negatively impact SEO rankings.
  • Tracking Problems: Stripping the protocol can disrupt tracking and skew analytics.
  • Rendering Inconsistencies: Links may render differently across email clients without a specified protocol.
  • URI Violation: RFC 3986 states URIs must have a valid scheme (HTTP/HTTPS).
  • Mixed Content Blocking: Browsers block HTTP content on HTTPS pages, making non-HTTPS links unusable.
  • Reputation Damage: Linking to naked domains can hurt your sender reputation.
  • Spam Filters: Links without HTTP/HTTPS are a spam filter trigger.
  • Tracking Disabled: Removing HTTPS can make redirect and tracking impossible.

Key considerations

  • Weigh the Risks: Carefully consider all the potential downsides before removing HTTP/HTTPS.
  • Client Support: Understand the impact on different email clients your audience uses.
  • Alternative Solutions: Explore alternative methods to prevent ESP wrapping without removing the protocol.
  • Prioritize Security: Prioritize user security by maintaining HTTPS links whenever feasible.
  • Maintain Standards: Adhere to URI standards to guarantee link validity.
  • Monitor SEO: Keep tracking SEO performance and react to any drops.

What email marketers say
9Marketer opinions

Removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping presents several potential issues. While it might stop the wrapping, it can lead to broken links in older email clients, security risks due to lack of encryption, and reduced user trust. It can also negatively impact SEO, tracking accuracy, and email rendering consistency across different devices and platforms.

Key opinions

  • Broken Links: Older email clients and devices may not recognize links without HTTP/HTTPS, leading to broken links.
  • Security Risks: Removing HTTPS exposes users to potential security threats like man-in-the-middle attacks due to the lack of encryption.
  • Reduced Trust: Users are less likely to trust links without HTTPS, which can lower click-through rates.
  • SEO Impact: Cloaking links or using non-HTTPS links can negatively impact SEO, potentially leading to penalties from search engines.
  • Tracking Issues: Stripping the protocol can negatively impact tracking accuracy, skewing analytics and harming deliverability rates.
  • Rendering Inconsistencies: Different email clients may render links without HTTP/HTTPS inconsistently, leading to a poor user experience.

Key considerations

  • Email Client Compatibility: Assess the compatibility of links without HTTP/HTTPS with the email clients used by your audience.
  • Security Implications: Weigh the security risks associated with removing HTTPS, especially concerning data encryption and user trust.
  • SEO Consequences: Consider the potential negative impact on SEO ranking due to link cloaking or using non-HTTPS links.
  • Tracking Reliability: Evaluate how removing the protocol affects the accuracy of your email tracking and analytics.
  • User Experience: Ensure that the changes do not negatively affect user experience and maintain consistent rendering across devices.
  • Alternative Solutions: Explore alternative solutions to prevent ESP wrapping, such as working with your ESP to configure deeplinking from wrapped links.
Marketer view

Email marketer from Reddit responds that HTTPS provides an encrypted connection between the user and the server. Removing HTTPS exposes the user to potential security risks such as man-in-the-middle attacks.

February 2022 - Reddit
Marketer view

Email marketer from EmailOnAcid Blog explains that some older email clients render links differently. Removing HTTP/HTTPS can create inconsistencies in how the email appears across different devices and platforms.

March 2022 - EmailOnAcid Blog
Marketer view

Email marketer from Stack Overflow explains that some browsers might not correctly interpret protocol-relative URLs, which can lead to rendering issues or broken links for certain users.

August 2022 - Stack Overflow
Marketer view

Email marketer from Neil Patel Digital explains that cloaking links can negatively impact SEO because search engines might see it as a deceptive practice. It can lead to penalties or even de-indexing.

November 2022 - Neil Patel Digital
Marketer view

Email marketer from Quora shares that users are more likely to trust links that begin with HTTPS. Removing it can make links look suspicious, potentially reducing click-through rates.

May 2022 - Quora
Marketer view

Email marketer from Litmus mentions that by stripping out the protocol, you could negatively impact the way your tracking is interpreted, skewing analytics and potentially hurting your deliverability rates.

June 2023 - Litmus
Marketer view

Marketer from Email Geeks explains that URLs without http or https may not work properly with email clients. They suggest using properly formatted HTML links.

March 2021 - Email Geeks
Marketer view

Marketer from Email Geeks says that using a non-HTTPS link may be fine to stop wrapping.

January 2024 - Email Geeks
Marketer view

Email marketer from Inbox Collective shares that removing the protocol from links is risky as some older email clients or devices might not recognize them, which will result in broken links and a bad user experience.

November 2024 - Inbox Collective

What the experts say
3Expert opinions

Removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping presents conflicting viewpoints. One expert suggests link wrapping itself doesn't impact delivery. However, other experts highlight that removing HTTPS can disable redirect tracking, degrade security, hinder receiver-side filters, damage sender reputation, and cause emails to be flagged as spam.

Key opinions

  • No Delivery Impact (Wrapping): Link wrapping, in itself, might not directly impact email delivery.
  • Tracking Disabled: Removing HTTPS can make redirect and tracking impossible.
  • Security Degraded: Removing HTTPS degrades security by exposing users to potential threats.
  • Filter Interference: Removing HTTPS can make it harder for receiver-side filters to function correctly.
  • Reputation Damage: Using links with just domains or IP addresses (no protocol) can damage your sender reputation.
  • Spam Flagging: Links without HTTP/HTTPS may cause emails to be flagged as spam.

Key considerations

  • Conflicting Viewpoints: Acknowledge that there are conflicting opinions on whether link wrapping affects delivery.
  • Tracking Requirements: Evaluate the necessity of link tracking and the impact of losing this functionality.
  • Security Protocols: Prioritize security by retaining HTTPS whenever possible to protect user data.
  • Deliverability Filters: Ensure compatibility with receiver-side filters to prevent emails from being blocked.
  • Sender Reputation: Protect your sender reputation by using fully qualified URLs (with HTTP/HTTPS).
  • Spam Trigger Words: Avoid patterns or practices that could trigger spam filters, such as omitting HTTP/HTTPS.
Expert view

Expert from Email Geeks states they wouldn't expect link wrapping to impact delivery.

February 2022 - Email Geeks
Expert view

Expert from Spamresource mentions that removing the https can make redirect and tracking impossible, and may degrade security, and could make it harder for receiver-side filters to function correctly.

December 2023 - Spamresource
Expert view

Expert from Word to the Wise shares that using links which are just domains or IP addresses with no protocol can damage your reputation. Email clients will not resolve them to a website and it will look like spam.

June 2022 - Word to the Wise

What the documentation says
4Technical articles

Removing HTTP/HTTPS from email deeplinks, according to technical documentation, poses several significant issues. It can lead to mixed content blocking in browsers, potentially rendering links unusable if the main page is HTTPS. It negatively impacts SEO, as HTTPS is a ranking signal. It violates URI standards by creating invalid links, and it compromises security by removing encryption and authentication, making data transmission vulnerable.

Key findings

  • Mixed Content Blocking: Browsers block HTTP resources on HTTPS pages, making non-HTTPS links non-functional.
  • SEO Impact: HTTPS is a ranking signal, so removing it from links hurts SEO performance.
  • Invalid URI: Removing HTTP/HTTPS creates an invalid URI, violating internet standards.
  • Security Compromise: HTTPS provides encryption and authentication; removing it exposes data to risks.

Key considerations

  • HTTPS Dominance: Consider that modern web practices emphasize HTTPS, making HTTP links increasingly problematic.
  • SEO Implications: Evaluate the long-term SEO consequences of using non-HTTPS links.
  • Standards Compliance: Prioritize compliance with URI standards to ensure proper link functionality.
  • Data Security: Weigh the security implications of transmitting data without encryption.
Technical article

Documentation from Google Search Central shares that HTTPS is a ranking signal. Downgrading links to HTTP (by removing HTTPS from some) could potentially dilute the benefits and impact SEO performance.

December 2024 - Google Search Central
Technical article

Documentation from OWASP (Open Web Application Security Project) states that HTTPS (HTTP over TLS) provides encryption and authentication. Removing HTTPS compromises the integrity and confidentiality of the data being transmitted.

August 2023 - OWASP
Technical article

Documentation from RFC 3986 explains that a URI should have a valid scheme (like HTTP or HTTPS) for it to be correctly interpreted. Removing the scheme makes the URI invalid according to the standard.

December 2021 - RFC 3986
Technical article

Documentation from Mozilla Developer Network explains that if the main page is served over HTTPS, browsers will block mixed content (HTTP resources) by default. Removing HTTPS from links might cause them to be blocked, leading to functionality issues.

December 2024 - Mozilla Developer Network