Why does Gmail show a 'Suspicious Link' notification for HTTPS websites?
Summary
What email marketers say (11 marketer opinions)
Email marketer from Litmus Blog shares that excessively long or obfuscated tracking parameters added to URLs can sometimes trigger Gmail’s spam filters and lead to warnings, even for HTTPS sites, as these are often used to mask the true destination.
Email marketer from Google Support Forum explains that Gmail displays a 'Suspicious Link' warning when the system detects characteristics commonly used in phishing or other malicious attacks. This includes mismatches between the displayed link and the actual destination, or unusual URL structures.
Marketer from Email Geeks explains that the certificate failure is likely a red herring because the URL `links.bhcosmetics.com` is a CNAME redirect to `links.iterable.com`. Iterable's certificate is checked, and it will fail since Iterable can only certify its own domains. Linking insecurely in the email can sometimes help avoid this. He believes Gmail might be complaining about the insecure link.
Email marketer from GMass Blog shares that multiple URL redirections (e.g., link goes through several intermediate redirects before reaching the final destination) can trigger spam filters in Gmail, even if all sites in the chain use HTTPS. Too many redirects are often associated with malicious activities.
Email marketer from Mailjet Blog responds that domain reputation plays a crucial role; if the sending domain has a poor reputation due to spam complaints or blacklisting, Gmail might display warnings for links even to HTTPS sites.
Email marketer from Email on Acid Blog shares that the issue can occur when using link redirect services that have been abused for spam or phishing in the past. The redirect URL may be flagged even if the final destination is a secure HTTPS site.
Marketer from Email Geeks shares that the issue can arise when a domain uses HSTS, but the subdomain for click tracking lacks a valid certificate. Brian notes that trying to hit `https://links.bhcosmetics.com` throws a certificate error.
Email marketer from SendPulse Blog explains that using URL shortening services (like bit.ly) can sometimes trigger 'Suspicious Link' warnings, as these services are frequently used in spam and phishing campaigns. While the destination might be HTTPS, the shortened link itself raises red flags.
Email marketer from ActiveCampaign Help says if the sending IP address is on a blocklist, Gmail might show warnings for links even if the destination is HTTPS, as it indicates the sender has engaged in suspicious activities in the past.
Email marketer from StackExchange explains that Gmail's algorithm may flag links based on the domain's reputation or historical data. Even if the site is currently secure, past issues could still trigger the warning.
Email marketer from Reddit shares that even if a site uses HTTPS, the linked content could still be risky. For example, the site might be compromised, or the HTTPS certificate might be invalid or self-signed, causing the warning.
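The CNAME scenario raised by the Email Geeks marketers above (a customer's click-tracking subdomain pointing at an ESP whose certificate only names the ESP's own domains) can be reproduced from the sender's side before a campaign goes out. The script below is an added example, not code from the page or from any ESP: it applies RFC 6125-style name matching to a certificate's SAN list, and the `fetch_sans` helper pulls the SANs a live host actually serves (`links.bhcosmetics.com` is used only as the illustrative hostname from the discussion; `SAMPLE_ESP_SANS` is a constructed SAN list).

```python
"""Check whether an email click-tracking hostname is covered by the TLS
certificate actually served for it (the CNAME -> ESP mismatch described above).
Added example; not code from the page or from any ESP."""
import socket
import ssl

# Constructed sample: the ESP's certificate lists only its own names.
SAMPLE_ESP_SANS = ["iterable.com", "*.iterable.com"]


def san_matches(san: str, hostname: str) -> bool:
    """RFC 6125-style comparison: a wildcard covers exactly one leftmost label."""
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if san.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == san[2:]
    return san == hostname


def cert_covers(sans, hostname: str) -> bool:
    """True if any SAN entry names the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def diagnose(hostname: str, sans) -> str:
    """Explain why a client (mail scanner or browser) would reject the link."""
    if cert_covers(sans, hostname):
        return "ok"
    return f"hostname mismatch: {hostname} not in SANs {sorted(sans)}"


def fetch_sans(hostname: str, port: int = 443, timeout: float = 5.0):
    """Live check (needs network). The chain is still verified against the
    system trust store; only the hostname comparison is disabled so the
    mismatch can be reported by diagnose() instead of raised as an error."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "links.bhcosmetics.com"
    canonical = socket.gethostbyname_ex(host)[0]  # CNAME target, best effort
    print(f"{host} -> {canonical}")
    print(diagnose(host, fetch_sans(host)))
```

Run it against every tracking hostname you put in a campaign; an "ok" from `diagnose` means the certificate served for the CNAME'd name actually covers it, while a mismatch is the condition the marketers above saw as a certificate error.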
What the experts say (4 expert opinions)
Expert from Email Geeks suggests that the 'Suspicious Link' notification might appear if the website hosts other content that Google deems unfavorable.
Expert from Spam Resource explains that the sender's IP and domain reputation strongly influences whether links are flagged as suspicious. Even if the linked site is secure with HTTPS, a poor sender reputation can trigger warnings.
Expert from Word to the Wise explains that link cloaking, where the visible URL is different from the actual destination, is a common tactic used by spammers and phishers. Even if the final destination is HTTPS, the cloaking itself can trigger Gmail's 'Suspicious Link' warning.
Expert from Email Geeks explains that hosting malicious content under the same hostname could trigger the 'Suspicious Link' notification. This is more likely if a shared link redirector is being used from the ESP.
What the documentation says (5 technical articles)
Documentation from SSL Labs explains that misconfigured SSL certificates, such as mixed content (HTTPS page loading HTTP resources) or outdated protocols, can lead browsers to display warnings, even if the site uses HTTPS.
Documentation from W3C states that a strict Content Security Policy (CSP) can cause warnings if linked resources violate the policy rules. While CSP enhances security, misconfiguration can lead to false positives and warnings in Gmail.
Documentation from Mozilla Observatory details that if a website uses Subresource Integrity (SRI) and the linked resource doesn't match the expected hash, browsers may display warnings, even on HTTPS sites, as a security measure against compromised resources.
Documentation from IETF explains that inconsistent URL canonicalization (e.g., different capitalization or trailing slashes) can be interpreted as suspicious, especially if combined with other factors like domain age or reputation, potentially leading to Gmail warnings.
Documentation from Google Developers states that Google Safe Browsing flags websites that distribute malware, phishing attempts, or engage in social engineering. If a linked HTTPS website is flagged, Gmail will show a warning.