SSL Click Tracking
A Secured Socket Layer (SSL) encrypts a URL with HTTPS instead of the less secure HTTP. Customers at Braze can set up their links and domains to apply SSL certificates. These certificates, similar to SPM and DKIM for email authentication, are insurances that links in your emails are sending your users to reputable locations, and not malicious websites. While not required, SSL certificates are quickly becoming the standard and are strongly recommended to ensure links and images display properly.
Why We Recommend SSL
While SSL is not required, the reasons we recommend SSL to our clients are three-fold:
- Required by some browsers
HTTPS links have a certified SSL link certificate attached to them, making it more secure for your users. Authentications like this are quickly becoming the standard with big-name browsers like Google Chrome now requiring it. This means that newer versions of Chrome can no longer access HTTP links or images without the necessary SSL layer.
- HSTS domains require SSL
Regardless of which browser your users may be accessing your emails, if you have an HTTP Strict Transport Security (HSTS) domain, you must set up SSL and configure a CDN to send the necessary security certificates. Failure to set up SSL will cause both image and web links to break.
- General Best Practice
Securing your website and links with SSL is a common practice even for companies that don’t deal directly with sensitive customer information. Users are more trusting of links that are secured with SSL, and the additional layer of authentication helps protect your data.
How do I get started?
- You must reach out to a COM or CSM to initiate a full Braze email setup.
- Braze will provide DNS records to add to your domain registry.
- Braze will verify if records have been added to your registry correctly.
- You will then select a CDN and obtain SSL certificates from a third-party provider.
- You will set up your CDN. Please note that Braze will not be able to help troubleshoot CDN configuration. Please reach out to your CDN provider for help.
- Lastly, reach out to your COM or CSM to get SSL turned on.
What is a CDN, and why do I need it?
A Content Delivery Network (CDN) is a platform of servers that help ensure quick load times of high-quality content across multiple mediums while also handling security certificates.
At Braze, in order to do click and open tracking, our delivery partners transform links using a branded subdomain, and the CDN applies the SSL certificate to those newly transformed links. Often, our delivery partners are required to present valid and trusted certificates to your email recipient’s browser for links and images to display correctly. Because Braze is unable to request or manage such certificates, this must be set up on your end through a CDN. Below we have outlined and linked out to relevant CDN partner resources to help make this process easy.
Please note that CDN configuration always follows after getting your DNS records validated by Braze. If you have not yet initiated this step, reach out to your COM or CSM for more information on how to get started.
If you are unable or do not wish to use the CDNs listed above when setting up SSL for click and open tracking, you may set up a custom SSL configuration. Note that alternate CDNs or custom proxies may result in a more complex and nuanced setup. Check out the Sendgrid and Sparkpost documentation on this topic.
Listed below are step-by-step guides written by Sendgrid and Sparkpost on how to configure certain CDNs. While your specific CDN may not be listed below, you must make sure your CDN has the ability to apply SSL certificates. It is also important to note that Braze will be unable to help you troubleshoot your CDN configuration. You must reach out to your CDN provider to help troubleshoot your CDN configuration.
|Sendgrid Step-By-Step Guides||Sparkpost Step-By-Step Guides|
Google Cloud Platform
While CDN configuration, certificates, and proxy issues should be handled with your selected CDN, we do offer some basic troubleshooting tips to identify where your SSL click tracking setup may be failing.
Check for Domain Registry Issues
A dig command can tell you whether you are pointing your link tracking at the CDN. This can be done through the terminal by running
dig CNAME link_tracking_subdomain.
Once the command is run, under
ANSWER SECTION it should list where your CNAME is pointed to. If it pointed to your chosen email service provider (Sendgrid or Sparkpost) and not your CDN, you must reconfigure your domain registry to point to your CDN.
Check for CDN Issues
If your live email links start breaking during setup, this often means you’ve pointed your DNS toward your CDN without it being properly configured. This often comes up as a “Wrong Link” error.
Please reach out to your CDN provider and review their documentation to help to troubleshoot your CDN configuration.
Check if SSL is Enabled by Braze
If you have completed your SSL setup and are still seeing your links come up as HTTP and not HTTPS, reach out to your Braze COM or CSM and make sure SSL has been enabled by Braze. SSL can only be enabled by Braze once all aspects of your SSL setup have been completed.