What are the potential issues with removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping?

Summary

Removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping is a multifaceted issue with potential downsides. Some argue it might be acceptable to stop wrapping. However, the consensus is that it leads to several problems, including broken links in older clients, security vulnerabilities, reduced user trust, negative SEO impacts, inaccurate tracking, inconsistent rendering, URI standard violations, mixed content blocking, damaged sender reputation, and emails being flagged as spam. Prioritizing properly formatted HTML links and HTTPS is generally recommended.

Key findings

  • Compatibility Issues: Older email clients may not properly interpret links without HTTP/HTTPS, leading to broken links.
  • Security Risks: Removing HTTPS exposes users to man-in-the-middle attacks and compromises data encryption.
  • Trust Reduction: Links without HTTPS may appear suspicious, lowering user trust and click-through rates.
  • SEO Penalties: Link cloaking or using non-HTTPS links can negatively impact SEO rankings.
  • Tracking Problems: Stripping the protocol can disrupt tracking and skew analytics.
  • Rendering Inconsistencies: Links may render differently across email clients without a specified protocol.
  • URI Violation: RFC 3986 states URIs must have a valid scheme (HTTP/HTTPS).
  • Mixed Content Blocking: Browsers block HTTP content on HTTPS pages, making non-HTTPS links unusable.
  • Reputation Damage: Linking to naked domains can hurt your sender reputation.
  • Spam Filters: Links without HTTP/HTTPS are a spam filter trigger.
  • Tracking Disabled: Removing HTTPS can make redirect and tracking impossible.

Key considerations

  • Weigh the Risks: Carefully consider all the potential downsides before removing HTTP/HTTPS.
  • Client Support: Understand the impact on different email clients your audience uses.
  • Alternative Solutions: Explore alternative methods to prevent ESP wrapping without removing the protocol.
  • Prioritize Security: Prioritize user security by maintaining HTTPS links whenever feasible.
  • Maintain Standards: Adhere to URI standards to guarantee link validity.
  • Monitor SEO: Keep tracking SEO performance and react to any drops.

What email marketers say
9Marketer opinions

Removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping presents several potential issues. While it might stop the wrapping, it can lead to broken links in older email clients, security risks due to lack of encryption, and reduced user trust. It can also negatively impact SEO, tracking accuracy, and email rendering consistency across different devices and platforms.

Key opinions

  • Broken Links: Older email clients and devices may not recognize links without HTTP/HTTPS, leading to broken links.
  • Security Risks: Removing HTTPS exposes users to potential security threats like man-in-the-middle attacks due to the lack of encryption.
  • Reduced Trust: Users are less likely to trust links without HTTPS, which can lower click-through rates.
  • SEO Impact: Cloaking links or using non-HTTPS links can negatively impact SEO, potentially leading to penalties from search engines.
  • Tracking Issues: Stripping the protocol can negatively impact tracking accuracy, skewing analytics and harming deliverability rates.
  • Rendering Inconsistencies: Different email clients may render links without HTTP/HTTPS inconsistently, leading to a poor user experience.

Key considerations

  • Email Client Compatibility: Assess the compatibility of links without HTTP/HTTPS with the email clients used by your audience.
  • Security Implications: Weigh the security risks associated with removing HTTPS, especially concerning data encryption and user trust.
  • SEO Consequences: Consider the potential negative impact on SEO ranking due to link cloaking or using non-HTTPS links.
  • Tracking Reliability: Evaluate how removing the protocol affects the accuracy of your email tracking and analytics.
  • User Experience: Ensure that the changes do not negatively affect user experience and maintain consistent rendering across devices.
  • Alternative Solutions: Explore alternative solutions to prevent ESP wrapping, such as working with your ESP to configure deeplinking from wrapped links.
Marketer view

Email marketer from Reddit responds that HTTPS provides an encrypted connection between the user and the server. Removing HTTPS exposes the user to potential security risks such as man-in-the-middle attacks.

February 2022 - Reddit
Marketer view

Email marketer from EmailOnAcid Blog explains that some older email clients render links differently. Removing HTTP/HTTPS can create inconsistencies in how the email appears across different devices and platforms.

March 2022 - EmailOnAcid Blog

What the experts say
3Expert opinions

Removing HTTP/HTTPS from email deeplinks to prevent ESP wrapping presents conflicting viewpoints. One expert suggests link wrapping itself doesn't impact delivery. However, other experts highlight that removing HTTPS can disable redirect tracking, degrade security, hinder receiver-side filters, damage sender reputation, and cause emails to be flagged as spam.

Key opinions

  • No Delivery Impact (Wrapping): Link wrapping, in itself, might not directly impact email delivery.
  • Tracking Disabled: Removing HTTPS can make redirect and tracking impossible.
  • Security Degraded: Removing HTTPS degrades security by exposing users to potential threats.
  • Filter Interference: Removing HTTPS can make it harder for receiver-side filters to function correctly.
  • Reputation Damage: Using links with just domains or IP addresses (no protocol) can damage your sender reputation.
  • Spam Flagging: Links without HTTP/HTTPS may cause emails to be flagged as spam.

Key considerations

  • Conflicting Viewpoints: Acknowledge that there are conflicting opinions on whether link wrapping affects delivery.
  • Tracking Requirements: Evaluate the necessity of link tracking and the impact of losing this functionality.
  • Security Protocols: Prioritize security by retaining HTTPS whenever possible to protect user data.
  • Deliverability Filters: Ensure compatibility with receiver-side filters to prevent emails from being blocked.
  • Sender Reputation: Protect your sender reputation by using fully qualified URLs (with HTTP/HTTPS).
  • Spam Trigger Words: Avoid patterns or practices that could trigger spam filters, such as omitting HTTP/HTTPS.
Expert view

Expert from Email Geeks states they wouldn't expect link wrapping to impact delivery.

February 2022 - Email Geeks
Expert view

Expert from Spamresource mentions that removing the https can make redirect and tracking impossible, and may degrade security, and could make it harder for receiver-side filters to function correctly.

December 2023 - Spamresource

What the documentation says
4Technical articles

Removing HTTP/HTTPS from email deeplinks, according to technical documentation, poses several significant issues. It can lead to mixed content blocking in browsers, potentially rendering links unusable if the main page is HTTPS. It negatively impacts SEO, as HTTPS is a ranking signal. It violates URI standards by creating invalid links, and it compromises security by removing encryption and authentication, making data transmission vulnerable.

Key findings

  • Mixed Content Blocking: Browsers block HTTP resources on HTTPS pages, making non-HTTPS links non-functional.
  • SEO Impact: HTTPS is a ranking signal, so removing it from links hurts SEO performance.
  • Invalid URI: Removing HTTP/HTTPS creates an invalid URI, violating internet standards.
  • Security Compromise: HTTPS provides encryption and authentication; removing it exposes data to risks.

Key considerations

  • HTTPS Dominance: Consider that modern web practices emphasize HTTPS, making HTTP links increasingly problematic.
  • SEO Implications: Evaluate the long-term SEO consequences of using non-HTTPS links.
  • Standards Compliance: Prioritize compliance with URI standards to ensure proper link functionality.
  • Data Security: Weigh the security implications of transmitting data without encryption.
Technical article

Documentation from Google Search Central shares that HTTPS is a ranking signal. Downgrading links to HTTP (by removing HTTPS from some) could potentially dilute the benefits and impact SEO performance.

December 2024 - Google Search Central
Technical article

Documentation from OWASP (Open Web Application Security Project) states that HTTPS (HTTP over TLS) provides encryption and authentication. Removing HTTPS compromises the integrity and confidentiality of the data being transmitted.

August 2023 - OWASP