September 28, 2017
Google among others is pushing for universal adoption of SSL and this October there’s a new deadline: Websites without SSL will be prominently marked as not secure. What does this mean for your email?
Although not the same, email encryption is already important for compliance reasons. Over the last few years it has been gaining relevance as a deliverability tool, which is why this is one of the tools our reputation recovery services uses to help our clients. We believe this is so important, that we made it an integral part of our Managed Email Tunnel service.
But think about it: You’re sending a beautifully crafted email filled with top notch content to your readers, that will now have to click on a link that their browser is marking with a Not secure label. What will this do to your engagement? There’s already speculation on the actual impact this will have. Our opinion is that probably there’s not enough data to paint a clear picture of what’s going to happen, but it’s clear that there will be an impact.
With user engagement being a critical factor in your email campaigns, the risk of your users not clicking your links could have a real impact in your business. Most likely this won’t be an abrupt change. Rather, the reduction will probably take a few weeks.
The key of risk mitigation is understanding three key concepts
- The chance of a risk scenario actually happening
- The impact to your business
- The cost of mitigating such risk to acceptable levels
At this point, we know that the risk is certain: Google Chrome will change in late October. Probably other browsers will follow suit so as to not appear less secure, so that takes care of the first bullet on the list. About the impact — the second bullet — it’s fair to say that it is unknown but definitely non-zero.
This leaves us with the cost of mitigation. And our recommendation in this regard can be summed up in the phrase “Why risk it?” Getting an SSL certificate for your website is not hard or expensive. You can even get certificates that install automatically for free using Let’s Encrypt.
After making that change, something that usually takes less than a couple hours in many scenarios, you just have to go through your email templates and ensuring that all URLs point to HTTPS sites. Go at this steadily and you should be fine. If you need us, we can help.
What do you think? Share your predictions with us over twitter or better yet, email.